Anti Virus Blocked, Browser redirects.


  • This topic is locked
23 replies to this topic

#1 marcncol

Posted 17 July 2011 - 09:00 AM

I am running Windows Vista. After a Windows update and also a potentially fake Adobe update, my computer seems to be infected. There was a Windows security warning that I had no anti-virus software. I tried launching my Trend Micro anti-virus and nothing happens. When I try to go to their website, I am redirected to random sites.

Any help would be greatly appreciated.


I tried doing a system restore to 3 earlier dates and each one fails.

Edited by marcncol, 17 July 2011 - 10:58 AM.




#2 Broni

Posted 17 July 2011 - 11:00 AM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 marcncol

Posted 17 July 2011 - 11:20 AM

First, I should tell you that when I was unable to run Trend Micro anti-virus, I tried to download AVG. AVG would not install unless I un-installed Trend Micro. So I uninstalled Trend Micro. But AVG still wouldn't work.

Here are the results you asked for:

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java™ 6 Update 5
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````End of Log````````````



MiniToolBox:

When I hit GO, I get this error box:
nslookup.exe - Ordinal Not Found
The ordinal 1108 could not be located in the dynamic link library
WSOCK32.dll

then I hit OK (this happened twice)

Here are the results:

MiniToolBox by Farbar
Ran by Colleen (administrator) on 17-07-2011 at 12:13:50
Windows Vista ™ Home Premium Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

========================= IP Configuration: ================================
The following helper DLL cannot be loaded: WSHELPER.DLL.
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : Colleen-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
Physical Address. . . . . . . . . : 00-21-9B-01-E7-CC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::59f3:19a6:d644:a992%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, July 17, 2011 12:02:16 PM
Lease Expires . . . . . . . . . . : Monday, July 18, 2011 12:02:15 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 251666843
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-FC-41-F1-00-21-9B-01-E7-CC
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:302c:3e07:3f57:fe9b(Preferred)
Link-local IPv6 Address . . . . . : fe80::302c:3e07:3f57:fe9b%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 84:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 85:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{D06F9C5D-11B7-4583-841E-54FA8FDE19AC}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Pinging google.com [74.125.225.51] with 32 bytes of data:

Reply from 74.125.225.51: bytes=32 time=18ms TTL=54

Reply from 74.125.225.51: bytes=32 time=20ms TTL=54



Ping statistics for 74.125.225.51:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 18ms, Maximum = 20ms, Average = 19ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=55ms TTL=54

Reply from 209.191.122.70: bytes=32 time=66ms TTL=54



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 55ms, Maximum = 66ms, Average = 60ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 21 9b 01 e7 cc ...... Intel® 82562V-2 10/100 Network Connection
1 ........................... Software Loopback Interface 1
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
86 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
87 ...00 00 00 00 00 00 00 e0 isatap.{D06F9C5D-11B7-4583-841E-54FA8FDE19AC}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.100 276
192.168.1.100 255.255.255.255 On-link 192.168.1.100 276
192.168.1.255 255.255.255.255 On-link 192.168.1.100 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.100 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.100 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:302c:3e07:3f57:fe9b/128
On-link
11 276 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::302c:3e07:3f57:fe9b/128
On-link
11 276 fe80::59f3:19a6:d644:a992/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/17/2011 00:15:00 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x14a8, application start time 0xnslookup.exe0.

Error: (07/17/2011 00:14:51 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x1288, application start time 0xnslookup.exe0.

Error: (07/17/2011 00:11:36 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: .

Error: (07/17/2011 00:08:50 PM) (Source: Application Error) (User: )
Description: Faulting application iPodService.exe, version 10.2.2.12, time stamp 0x4da73146, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0043879e,
process id 0xf10, application start time 0xiPodService.exe0.

Error: (07/17/2011 00:03:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2011 00:02:29 PM) (Source: Application Error) (User: )
Description: Faulting application mDNSResponder.exe, version 2.0.5.0, time stamp 0x4d9cf41b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x004332a8,
process id 0x108, application start time 0xmDNSResponder.exe0.

Error: (07/17/2011 00:02:23 PM) (Source: Application Error) (User: )
Description: Faulting application AppleMobileDeviceService.exe, version 17.66.0.47, time stamp 0x4d4d9ef9, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00403d54,
process id 0x7c4, application start time 0xAppleMobileDeviceService.exe0.

Error: (07/17/2011 11:55:47 AM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: .

Error: (07/17/2011 11:53:56 AM) (Source: Application Error) (User: )
Description: Faulting application iPodService.exe, version 10.2.2.12, time stamp 0x4da73146, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0043879e,
process id 0xdf0, application start time 0xiPodService.exe0.

Error: (07/17/2011 11:32:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============

Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 3060.45 MB
Available physical RAM: 2009.32 MB
Total Pagefile: 6355.18 MB
Available Pagefile: 5302.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.84 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:51.96 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.03 GB) NTFS
4 Drive f: () (Removable) (Total:1.87 GB) (Free:0.41 GB) FAT

========================= Users: ========================================

User accounts for \\COLLEEN-PC

Administrator Brenna Colleen
Guest Kevin Marc


== End of log ==


I installed Malware MBAM but it won't let me run it. I will try to re-install and run again.
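
The hosts content and IP configuration sections requested in post #2 are two of the places a browser redirect can be configured. As an added example (not part of the thread and not MiniToolBox's own code), this Python script parses hosts text and `ipconfig /all`-style output and lists the entries to review; the function names are mine, the extra hosts entry is constructed, and the adapter values are those from the report above.

```python
import ipaddress
import re

# Constructed sample input. The hosts text is the stock file plus one invented
# redirect entry (documentation address, .test name); the adapter values are
# the ones shown in the report in the post above.
SAMPLE_HOSTS = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
::1 localhost
203.0.113.7 update.vendor.test   # constructed entry
"""
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.0.1

Tunnel adapter Local Area Connection* 7:

IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:302c:3e07:3f57:fe9b(Preferred)
Default Gateway . . . . . . . . . : ::
"""

HEADER = re.compile(r"^(.+ adapter .+):$")      # "Ethernet adapter ...:"
FIELD = re.compile(r"^([^:]+?)[ .]*:\s*(.*)$")  # "Key . . . . : value"


def _addr(value):
    """Parse an address as ipconfig prints it, e.g. '192.168.1.100(Preferred)'."""
    try:
        return ipaddress.ip_address(value.split("(")[0].split("%")[0].strip())
    except ValueError:
        return None


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or _addr(fields[0]) is None:
            continue  # blank, comment-only or malformed line
        entries.extend((_addr(fields[0]), name.lower()) for name in fields[1:])
    return entries


def non_default_hosts(entries):
    """Every mapping other than localhost -> loopback; each needs an explanation."""
    return [(str(ip), name) for ip, name in entries
            if not (ip.is_loopback and name == "localhost")]


def parse_ipconfig(text):
    """Split ipconfig output into adapters, each with a field -> values mapping."""
    adapters, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            current = {"name": header.group(1), "fields": {}}
            adapters.append(current)
            last_key = None
        elif current is None:
            continue  # global section before the first adapter
        elif _addr(line) is not None and last_key:
            current["fields"][last_key].append(line)  # extra value on its own line
        else:
            m = FIELD.match(line)
            if m:
                last_key = m.group(1)
                current["fields"][last_key] = [m.group(2)] if m.group(2) else []
    return adapters


def dns_findings(adapters):
    """DNS servers that are neither on the adapter's subnet nor its DHCP server."""
    findings = []
    for ad in adapters:
        f = ad["fields"]
        ip = _addr((f.get("IPv4 Address") or [""])[0])
        mask = _addr((f.get("Subnet Mask") or [""])[0])
        if ip is None or mask is None:
            continue  # tunnel or disconnected adapter: nothing to compare against
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        dhcp = {_addr(v) for v in f.get("DHCP Server", [])}
        for value in f.get("DNS Servers", []):
            dns = _addr(value)
            if dns and dns.version == net.version and dns not in net and dns not in dhcp:
                findings.append((ad["name"], str(dns), str(net)))
    return findings


if __name__ == "__main__":
    print("hosts entries to review:", non_default_hosts(parse_hosts(SAMPLE_HOSTS)))
    print("DNS servers to review:", dns_findings(parse_ipconfig(SAMPLE_IPCONFIG)))
```

A flagged DNS server is a prompt to confirm which device answers at that address, not a verdict: a second router upstream of the one handing out leases produces the same pattern.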

#4 marcncol

Posted 17 July 2011 - 11:25 AM

Uninstalled MBAM and tried to re-install. Got an error: "Please report the following error code to the Malwarebytes' Anti-Malware support team."

Error code: 732 (0,0)

Don't know if I should proceed to GMER without success here.

Thanks for your help.

#5 Broni

Posted 17 July 2011 - 11:37 AM

I should tell you that when I was unable to run Trend Micro anti-virus, I tried to download AVG. AVG would not install unless I un-installed Trend Micro. So I uninstalled Trend Micro. But AVG still wouldn't work.

You can't be running two AV programs anyway.

Let's make sure both programs are properly uninstalled.
Run TrendMicro uninstaller: http://esupport.trendmicro.com/Pages/How-do-I-remove-Trend-Micro-Internet-Security-Pro-and-Trend-Micro-Inte.aspx
Run AVG Remover: http://www.avg.com/us-en/utilities

See if one of these will install:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
If successful, update, run full scan, report on any findings.

Regarding MBAM...
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility.
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here.

Then run GMER anyway.



#6 marcncol

Posted 17 July 2011 - 12:53 PM

I downloaded Avast. When I try to do a scan, it just doesn't start.

I followed the instructions to uninstall both anti-virus programs.
I then followed your instructions to remove and reinstall MBAM. As soon as I start the scan, it just stops. If I try to run it again, I get a message saying "cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."

Will try GMER next, but I'm starting to panic.

#7 Broni

Posted 17 July 2011 - 12:58 PM

Go ahead with GMER.



#8 marcncol

Posted 17 July 2011 - 03:35 PM

After stopping twice, I unchecked "Devices" and it ran. The results are too long to post here, is there a section you need? I will try to post some of it:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-17 16:30:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDP725032GLA360 rev.GM3OA5BA
Running: 7ij8kq59.exe; Driver: C:\Users\Colleen\AppData\Local\Temp\uwdiafod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8F667202] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8F6697F0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8F669848] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8F66995E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8F669746] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8F669898] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8F66979A] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8F66990C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8F667226] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8F666FF0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8F66724A] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8F669D56] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8F667CDA] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8F669820] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8F669870] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8F669988] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8F669772] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8F6698D8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8F6697C8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8F669936] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8F667BA0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8F66726E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8F667292] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8F66704A] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8F667186] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8F667162] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8F6671AA] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8F6672B6] <-- ROOTKIT !!!

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 824EA890 4 Bytes [02, 72, 66, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1D1 824EA954 8 Bytes [F0, 97, 66, 8F, 48, 98, 66, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 824EA960 4 Bytes [5E, 99, 66, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1F5 824EA978 4 Bytes [46, 97, 66, 8F]
.text ntkrnlpa.exe!KeSetEvent + 215 824EA998 2 Bytes [98, 98] {CWDE ; CWDE }
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82677E18 4 Bytes CALL 8F66834B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8267BA8C 4 Bytes CALL 8F668361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\Windows\System32\Drivers\1214969294.SYS Access is denied.
.text tdx.sys 8F784000 5 Bytes [00, 00, 00, 00, 00]
.text tdx.sys 8F784006 1 Byte [8B]
.text tdx.sys 8F784006 237 Bytes [8B, FF, 55, 8B, EC, 6A, 00, ...]
.text tdx.sys 8F7840F4 117 Bytes [75, 10, FF, 75, 14, 6A, 2B, ...]
.text tdx.sys 8F78416A 105 Bytes [04, 8D, 45, 18, 50, FF, 75, ...]
.text ...
? C:\Windows\system32\DRIVERS\tdx.sys suspicious PE modification
.text win32k.sys!EngCreateRectRgn + 4537 98ADFC80 5 Bytes JMP 8F66A440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 98AF8EA9 5 Bytes JMP 8F66AE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 98AF9C95 5 Bytes JMP 8F66AF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C03 98B023F7 5 Bytes JMP 8F669D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 98B0334E 5 Bytes JMP 8F66ABD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 3103 98B0EA94 5 Bytes JMP 8F66A316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 456E 98B0FEFF 5 Bytes JMP 8F669F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 119C6 98B29A35 5 Bytes JMP 8F66A180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A1A 98B29A89 5 Bytes JMP 8F66A326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 98B50A8E 5 Bytes JMP 8F66AB64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DE 98B533ED 5 Bytes JMP 8F669E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 98B59D2E 5 Bytes JMP 8F669FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B42 98B641CC 5 Bytes JMP 8F66B014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 98B670B4 5 Bytes JMP 8F669E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 81C 98B854E5 5 Bytes JMP 8F66AD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6EEA 98B8BBB3 5 Bytes JMP 8F66ABAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 98B8F32A 5 Bytes JMP 8F66ACA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 98B96C49 5 Bytes JMP 8F669EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 98BB51BC 5 Bytes JMP 8F66A0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 98BBAA3A 5 Bytes JMP 8F66A008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 98BBE572 5 Bytes JMP 8F66AECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A0F 98BDCA97 5 Bytes JMP 8F66A03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D269 98BE92F1 5 Bytes JMP 8F66A0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\taskeng.exe[248] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[248] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[248] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[248] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[248] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[248] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[248] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[248] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[248] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[248] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[248] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[248] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[248] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[248] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[248] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[248] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\WUDFHost.exe[280] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\WUDFHost.exe[280] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\WUDFHost.exe[280] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[280] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\WUDFHost.exe[280] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\WUDFHost.exe[280] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\WUDFHost.exe[280] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\WUDFHost.exe[280] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\WUDFHost.exe[280] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\WUDFHost.exe[280] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\WUDFHost.exe[280] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\WUDFHost.exe[280] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00080600
.text C:\Windows\system32\WUDFHost.exe[280] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00080804
.text C:\Windows\system32\WUDFHost.exe[280] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\WUDFHost.exe[280] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\WUDFHost.exe[280] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[608] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[608] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[608] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[608] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[608] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00180600
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[608] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00181014
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[608] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00180804
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[608] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00180A08
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[608] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00180C0C
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[608] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00180E10
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[608] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 001801F8
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[608] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00190600
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[608] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00190804
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[608] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00190A08
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[608] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 001901F8
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[608] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 001903FC
.text C:\Windows\system32\csrss.exe[648] KERNEL32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[692] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[692] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[692] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[692] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[692] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[692] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[692] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\wininit.exe[692] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[692] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\csrss.exe[704] KERNEL32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\services.exe[736] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[736] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[736] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[736] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00180600
.text C:\Windows\system32\services.exe[736] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00180804
.text C:\Windows\system32\services.exe[736] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\services.exe[736] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\services.exe[736] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\winlogon.exe[764] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[764] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[764] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[764] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000903FC
.text C:\Windows\system32\winlogon.exe[764] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00090600
.text C:\Windows\system32\winlogon.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00091014
.text C:\Windows\system32\winlogon.exe[764] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00090804
.text C:\Windows\system32\winlogon.exe[764] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00090A08
.text C:\Windows\system32\winlogon.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00090C0C
.text C:\Windows\system32\winlogon.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00090E10
.text C:\Windows\system32\winlogon.exe[764] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000901F8
.text C:\Windows\system32\winlogon.exe[764] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 000A0600
.text C:\Windows\system32\winlogon.exe[764] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 000A0804
.text C:\Windows\system32\winlogon.exe[764] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 000A0A08
.text C:\Windows\system32\winlogon.exe[764] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 000A01F8
.text C:\Windows\system32\winlogon.exe[764] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 000A03FC
.text C:\Windows\system32\lsass.exe[780] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[780] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[780] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\lsass.exe[780] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[780] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[780] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[780] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[780] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[780] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[780] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[780] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[780] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[780] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[780] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[780] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[780] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsm.exe[788] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[788] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[788] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\lsm.exe[788] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsm.exe[788] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsm.exe[788] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsm.exe[788] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsm.exe[788] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsm.exe[788] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsm.exe[788] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsm.exe[788] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000701F8
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[840] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[840] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[840] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[840] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00170600
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[840] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00170804
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[840] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00170A08
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[840] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[840] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[840] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[840] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00180600
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[840] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00181014
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[840] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00180804
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[840] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00180A08
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[840] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00180C0C
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[840] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00180E10
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[840] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 001801F8
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[952] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[952] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 001503FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[952] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[952] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 001703FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[952] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00170600
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[952] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00171014
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[952] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00170804
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[952] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00170A08
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[952] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00170C0C
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[952] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00170E10
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[952] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[956] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[956] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[956] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 003F0600
.text C:\Windows\system32\svchost.exe[956] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 003F0804
.text C:\Windows\system32\svchost.exe[956] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 003F0A08
.text C:\Windows\system32\svchost.exe[956] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 003F01F8
.text C:\Windows\system32\svchost.exe[956] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 003F03FC
.text C:\Windows\system32\svchost.exe[1032] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1032] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1032] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00180600
.text C:\Windows\system32\svchost.exe[1032] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00180804
.text C:\Windows\system32\svchost.exe[1032] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\svchost.exe[1032] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[1032] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxpers.exe[1080] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 001501F8
.text C:\Windows\System32\igfxpers.exe[1080] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 001503FC
.text C:\Windows\System32\igfxpers.exe[1080] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[1080] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00170600
.text C:\Windows\System32\igfxpers.exe[1080] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00170804
.text C:\Windows\System32\igfxpers.exe[1080] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00170A08
.text C:\Windows\System32\igfxpers.exe[1080] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 001701F8
.text C:\Windows\System32\igfxpers.exe[1080] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 001703FC
.text C:\Windows\System32\igfxpers.exe[1080] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 002803FC
.text C:\Windows\System32\igfxpers.exe[1080] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00280600
.text C:\Windows\System32\igfxpers.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00281014
.text C:\Windows\System32\igfxpers.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00280804
.text C:\Windows\System32\igfxpers.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00280A08
.text C:\Windows\System32\igfxpers.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00280C0C
.text C:\Windows\System32\igfxpers.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00280E10
.text C:\Windows\System32\igfxpers.exe[1080] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 002801F8
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1144] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 001601F8
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1144] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 001603FC
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1144] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1144] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00170600
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1144] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00170804
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1144] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00170A08
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1144] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1144] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1144] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1144] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00180600
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00181014
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00180804
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00180A08
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00180C0C
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00180E10
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[1144] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 001801F8
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000901F8
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000903FC
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000C03FC
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 000C0600
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 000C1014
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 000C0804
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 000C0A08
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 000C0C0C
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 000C0E10
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000C01F8
.text C:\Windows\System32\svchost.exe[1188] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00120600
.text C:\Windows\System32\svchost.exe[1188] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00120804
.text C:\Windows\System32\svchost.exe[1188] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00120A08
.text C:\Windows\System32\svchost.exe[1188] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 001201F8
.text C:\Windows\System32\svchost.exe[1188] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 001203FC
.text C:\Windows\System32\svchost.exe[1212] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1212] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1212] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1212] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1212] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1212] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1212] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1212] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00CD0600
.text C:\Windows\System32\svchost.exe[1212] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00CD0804
.text C:\Windows\System32\svchost.exe[1212] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00CD0A08
.text C:\Windows\System32\svchost.exe[1212] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 00CD01F8
.text C:\Windows\System32\svchost.exe[1212] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 00CD03FC
.text C:\Windows\system32\SearchIndexer.exe[1220] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[1220] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[1220] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[1220] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[1220] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[1220] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[1220] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[1220] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[1220] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[1220] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[1220] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1224] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1224] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 000D0600
.text C:\Windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 000D0804
.text C:\Windows\system32\svchost.exe[1224] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 000D0A08
.text C:\Windows\system32\svchost.exe[1224] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 000D01F8
.text C:\Windows\system32\svchost.exe[1224] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 000D03FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1272] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1272] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1272] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1272] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1272] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00071014
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1272] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1272] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00070C0C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00070E10
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1272] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1272] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00090600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1272] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1272] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1272] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1272] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\AUDIODG.EXE[1364] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00071014
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2732] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00170E10
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2732] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 001701F8
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2732] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00180600
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2732] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00180804
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2732] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00180A08
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2732] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2732] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 001803FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2736] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2736] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 001503FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2736] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2736] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00170600
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2736] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00170804
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2736] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00170A08
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2736] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 001701F8
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2736] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 001703FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2736] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 001803FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2736] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00180600
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2736] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00181014
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2736] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00180804
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2736] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00180A08
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2736] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00180C0C
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2736] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00180E10
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[2736] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 001801F8
.text C:\Program Files\Internet Explorer\ieuser.exe[2832] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000401F8
.text C:\Program Files\Internet Explorer\ieuser.exe[2832] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000403FC
.text C:\Program Files\Internet Explorer\ieuser.exe[2832] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Program Files\Internet Explorer\ieuser.exe[2832] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Internet Explorer\ieuser.exe[2832] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00060600
.text C:\Program Files\Internet Explorer\ieuser.exe[2832] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00061014
.text C:\Program Files\Internet Explorer\ieuser.exe[2832] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00060804
.text C:\Program Files\Internet Explorer\ieuser.exe[2832] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00060A08
.text C:\Program Files\Internet Explorer\ieuser.exe[2832] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00060C0C
.text C:\Program Files\Internet Explorer\ieuser.exe[2832] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00060E10
.text C:\Program Files\Internet Explorer\ieuser.exe[2832] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000601F8
.text C:\Program Files\Internet Explorer\ieuser.exe[2832] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00070600
.text C:\Program Files\Internet Explorer\ieuser.exe[2832] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00070804
.text C:\Program Files\Internet Explorer\ieuser.exe[2832] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00070A08
.text C:\Program Files\Internet Explorer\ieuser.exe[2832] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Internet Explorer\ieuser.exe[2832] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00060600
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00061014
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00060804
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00060A08
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00060C0C
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00060E10
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000601F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00070600
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00070804
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00070A08
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] USER32.dll!DialogBoxParamW 76F710B0 5 Bytes JMP 6C41C00F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] USER32.dll!DialogBoxIndirectParamW 76F72EF5 5 Bytes JMP 6C55BC22 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] USER32.dll!DialogBoxParamA 76F88152 5 Bytes JMP 6C55BBE7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] USER32.dll!DialogBoxIndirectParamA 76F8847D 5 Bytes JMP 6C55BC5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] USER32.dll!MessageBoxIndirectA 76F9D4D9 5 Bytes JMP 6C55BBA3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] USER32.dll!MessageBoxIndirectW 76F9D5D3 5 Bytes JMP 6C55BB5F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] USER32.dll!MessageBoxExA 76F9D639 5 Bytes JMP 6C55BB25 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] USER32.dll!MessageBoxExW 76F9D65D 5 Bytes JMP 6C55BAEB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] SHELL32.dll!SHRestricted + D95 760189A8 4 Bytes [99, 0B, 1C, 6C] {CDQ ; OR EBX, [ESP+EBP*2]}
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] SHELL32.dll!SHRestricted + D9D 760189B0 8 Bytes [A7, 0A, 1C, 6C, A4, 32, 1B, ...] {CMPSD ; OR BL, [ESP+EBP*2]; MOVSB ; XOR BL, [EBX]; INSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[2844] ole32.dll!OleLoadFromStream 75E01E80 5 Bytes JMP 6C55BE1F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[2884] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 001401F8
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[2884] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 001403FC
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[2884] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[2884] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00160600
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[2884] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00160804
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[2884] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00160A08
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[2884] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 001601F8
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[2884] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 001603FC
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[2884] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 001703FC
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[2884] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00170600
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[2884] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00171014
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[2884] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00170804
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[2884] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00170A08
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[2884] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00170C0C
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[2884] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00170E10
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[2884] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[3208] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000601F8
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[3208] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000603FC
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[3208] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[3208] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00460600
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[3208] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00460804
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[3208] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00460A08
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[3208] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 004601F8
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[3208] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 004603FC
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[3208] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 004503FC
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[3208] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00450600
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[3208] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00451014
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[3208] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00450804
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[3208] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00450A08
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[3208] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00450C0C
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[3208] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00450E10
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[3208] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 004501F8
.text C:\Windows\system32\svchost.exe[3264] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3264] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3264] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[3352] KERNEL32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[3472] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000601F8
.text C:\Windows\system32\wuauclt.exe[3472] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000603FC
.text C:\Windows\system32\wuauclt.exe[3472] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[3472] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00070600
.text C:\Windows\system32\wuauclt.exe[3472] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00070804
.text C:\Windows\system32\wuauclt.exe[3472] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00070A08
.text C:\Windows\system32\wuauclt.exe[3472] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 000701F8
.text C:\Windows\system32\wuauclt.exe[3472] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\wuauclt.exe[3472] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\wuauclt.exe[3472] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\wuauclt.exe[3472] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\wuauclt.exe[3472] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\wuauclt.exe[3472] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\wuauclt.exe[3472] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\wuauclt.exe[3472] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\wuauclt.exe[3472] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\wermgr.exe[3616] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\wermgr.exe[3616] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000903FC
.text C:\Windows\system32\wermgr.exe[3616] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\wermgr.exe[3616] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000C03FC
.text C:\Windows\system32\wermgr.exe[3616] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 000C0600
.text C:\Windows\system32\wermgr.exe[3616] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 000C1014
.text C:\Windows\system32\wermgr.exe[3616] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 000C0804
.text C:\Windows\system32\wermgr.exe[3616] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 000C0A08
.text C:\Windows\system32\wermgr.exe[3616] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 000C0C0C
.text C:\Windows\system32\wermgr.exe[3616] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 000C0E10
.text C:\Windows\system32\wermgr.exe[3616] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wermgr.exe[3616] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 000D0600
.text C:\Windows\system32\wermgr.exe[3616] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 000D0804
.text C:\Windows\system32\wermgr.exe[3616] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 000D0A08
.text C:\Windows\system32\wermgr.exe[3616] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 000D01F8
.text C:\Windows\system32\wermgr.exe[3616] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 000D03FC
.text C:\Windows\system32\taskeng.exe[3764] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[3764] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[3764] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3764] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[3764] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[3764] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[3764] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[3764] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[3764] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[3764] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[3764] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[3764] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[3764] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[3764] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[3764] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[3764] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\Dwm.exe[3824] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000903FC
.text C:\Windows\system32\Dwm.exe[3824] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[3824] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\Dwm.exe[3824] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\Dwm.exe[3824] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\Dwm.exe[3824] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\Dwm.exe[3824] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\Dwm.exe[3824] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\Dwm.exe[3824] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\Dwm.exe[3824] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\Dwm.exe[3824] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 000C0600
.text C:\Windows\system32\Dwm.exe[3824] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\Dwm.exe[3824] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\Dwm.exe[3824] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\Dwm.exe[3824] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 000C03FC
.text C:\Windows\Explorer.EXE[3876] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[3876] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[3876] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\Explorer.EXE[3876] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[3876] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[3876] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[3876] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[3876] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[3876] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[3876] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[3876] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[3876] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[3876] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[3876] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[3876] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[3876] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[4052] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[4052] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[4052] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[4052] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[4052] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[4052] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[4052] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[4052] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[4052] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[4052] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[4052] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[4052] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 000E0600
.text C:\Windows\system32\svchost.exe[4052] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 000E0804
.text C:\Windows\system32\svchost.exe[4052] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 000E0A08
.text C:\Windows\system32\svchost.exe[4052] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 000E01F8
.text C:\Windows\system32\svchost.exe[4052] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 000E03FC
.text C:\Windows\System32\wpcumi.exe[4092] ntdll.dll!LdrLoadDll 775A93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\wpcumi.exe[4092] ntdll.dll!LdrUnloadDll 775BB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\wpcumi.exe[4092] kernel32.dll!GetBinaryTypeW + 70 76C32467 1 Byte [62]
.text C:\Windows\System32\wpcumi.exe[4092] ADVAPI32.dll!CreateServiceW 77109EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\wpcumi.exe[4092] ADVAPI32.dll!DeleteService 7710A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\wpcumi.exe[4092] ADVAPI32.dll!SetServiceObjectSecurity 77146CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\wpcumi.exe[4092] ADVAPI32.dll!ChangeServiceConfigA 77146DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\wpcumi.exe[4092] ADVAPI32.dll!ChangeServiceConfigW 77146F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\wpcumi.exe[4092] ADVAPI32.dll!ChangeServiceConfig2A 77147099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\wpcumi.exe[4092] ADVAPI32.dll!ChangeServiceConfig2W 771471E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\wpcumi.exe[4092] ADVAPI32.dll!CreateServiceA 771472A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\wpcumi.exe[4092] USER32.dll!SetWindowsHookExA 76F46322 5 Bytes JMP 00080600
.text C:\Windows\System32\wpcumi.exe[4092] USER32.dll!SetWindowsHookExW 76F487AD 5 Bytes JMP 00080804
.text C:\Windows\System32\wpcumi.exe[4092] USER32.dll!UnhookWindowsHookEx 76F498DB 5 Bytes JMP 00080A08
.text C:\Windows\System32\wpcumi.exe[4092] USER32.dll!SetWinEventHook 76F49F3A 5 Bytes JMP 000801F8
.text C:\Windows\System32\wpcumi.exe[4092] USER32.dll!UnhookWinEvent 76F4C06F 5 Bytes JMP 000803FC

#9 marcncol


Posted 17 July 2011 - 03:36 PM

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tdx.sys[HAL.dll!KfLowerIrql] 4000A18B
IAT \SystemRoot\system32\DRIVERS\tdx.sys[HAL.dll!KeGetCurrentIrql] 00BF8F79
IAT \SystemRoot\system32\DRIVERS\tdx.sys[HAL.dll!KfRaiseIrql] 3B8F7940

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[736] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 006C0002
IAT C:\Windows\system32\services.exe[736] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 006C0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[2844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6C1AD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6C1AD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6C1AB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6C1AD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6C1ABD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6C1AF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6C1AC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6C1AF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2844] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6C1B5357] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2844] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6C1B619F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2844] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6C1B53B2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2844] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6C1B61FA] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2844] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6C1B3FFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745D7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7462A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [745DBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [745CF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745D75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745CE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74608395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [745DDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745CFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745CFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745C71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7465CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [745FC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [745CD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745C687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745D2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 8F758000-8F761000 (36864 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:412] 8F75CD20
Thread System [4:416] 8F75CD20
Thread System [4:420] 8F7516F0
Thread System [4:424] 8F7516F0

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [MANUAL] 1214969294 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\1214969294@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\1214969294@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\1214969294@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\1214969294@DisplayName Virtual Bus for Microsoft ACPI-Compliant System
Reg HKLM\SYSTEM\ControlSet003\Services\1214969294@Start 3
Reg HKLM\SYSTEM\ControlSet003\Services\1214969294@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\1214969294@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\Services\1214969294@DisplayName Virtual Bus for Microsoft ACPI-Compliant System

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB56846$\2511778887 0 bytes
File C:\Windows\$NtUninstallKB56846$\2511778887\click.tlb 2144 bytes
File C:\Windows\$NtUninstallKB56846$\2511778887\L 0 bytes
File C:\Windows\$NtUninstallKB56846$\2511778887\L\qnbwvoto 89872 bytes
File C:\Windows\$NtUninstallKB56846$\2511778887\loader.tlb 2540 bytes
File C:\Windows\$NtUninstallKB56846$\2511778887\U 0 bytes
File C:\Windows\$NtUninstallKB56846$\2511778887\U\@00000001 54368 bytes
File C:\Windows\$NtUninstallKB56846$\2511778887\U\@000000c0 2560 bytes
File C:\Windows\$NtUninstallKB56846$\2511778887\U\@000000cb 2048 bytes
File C:\Windows\$NtUninstallKB56846$\2511778887\U\@000000cf 1536 bytes
File C:\Windows\$NtUninstallKB56846$\2511778887\U\@80000000 24576 bytes
File C:\Windows\$NtUninstallKB56846$\2511778887\U\@800000c0 33280 bytes
File C:\Windows\$NtUninstallKB56846$\2511778887\U\@800000cb 27648 bytes
File C:\Windows\$NtUninstallKB56846$\2511778887\U\@800000cf 27648 bytes
File C:\Windows\$NtUninstallKB56846$\2511778887\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} 2048 bytes
File C:\Windows\$NtUninstallKB56846$\3828753195 0 bytes

---- EOF - GMER 1.0.15 ----

#10 Broni

Posted 17 July 2011 - 04:37 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

#11 marcncol

Posted 17 July 2011 - 04:52 PM

2011/07/17 17:45:58.0438 4788 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/17 17:45:59.0343 4788 ================================================================================
2011/07/17 17:45:59.0343 4788 SystemInfo:
2011/07/17 17:45:59.0343 4788
2011/07/17 17:45:59.0343 4788 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/17 17:45:59.0343 4788 Product type: Workstation
2011/07/17 17:45:59.0343 4788 ComputerName: COLLEEN-PC
2011/07/17 17:45:59.0343 4788 UserName: Colleen
2011/07/17 17:45:59.0343 4788 Windows directory: C:\Windows
2011/07/17 17:45:59.0343 4788 System windows directory: C:\Windows
2011/07/17 17:45:59.0343 4788 Processor architecture: Intel x86
2011/07/17 17:45:59.0343 4788 Number of processors: 2
2011/07/17 17:45:59.0343 4788 Page size: 0x1000
2011/07/17 17:45:59.0343 4788 Boot type: Normal boot
2011/07/17 17:45:59.0343 4788 ================================================================================
2011/07/17 17:46:01.0418 4788 Initialize success
2011/07/17 17:46:07.0050 1808 ================================================================================
2011/07/17 17:46:07.0050 1808 Scan started
2011/07/17 17:46:07.0050 1808 Mode: Manual;
2011/07/17 17:46:07.0050 1808 ================================================================================
2011/07/17 17:46:10.0887 1808 Suspicious service (NoAccess): 1214969294
2011/07/17 17:46:11.0371 1808 1214969294 (88473c7ff4698e92bc7177415e14d666) C:\Windows\system32\drivers\1214969294.sys
2011/07/17 17:46:11.0371 1808 Suspicious file (NoAccess): C:\Windows\system32\drivers\1214969294.sys. md5: 88473c7ff4698e92bc7177415e14d666
2011/07/17 17:46:11.0386 1808 1214969294 - detected LockedService.Multi.Generic (1)
2011/07/17 17:46:24.0272 1808 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/17 17:46:24.0334 1808 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/17 17:46:24.0397 1808 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/17 17:46:24.0490 1808 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/17 17:46:24.0553 1808 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/07/17 17:46:24.0615 1808 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/17 17:46:24.0740 1808 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/17 17:46:24.0880 1808 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/17 17:46:24.0958 1808 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/07/17 17:46:25.0052 1808 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/17 17:46:25.0130 1808 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
2011/07/17 17:46:25.0192 1808 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/07/17 17:46:25.0302 1808 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/17 17:46:25.0348 1808 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/17 17:46:25.0863 1808 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/17 17:46:26.0019 1808 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/17 17:46:26.0066 1808 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/17 17:46:26.0128 1808 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/17 17:46:26.0175 1808 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/17 17:46:26.0238 1808 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/17 17:46:26.0331 1808 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/17 17:46:26.0409 1808 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/07/17 17:46:26.0440 1808 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/17 17:46:26.0518 1808 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/17 17:46:26.0612 1808 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/17 17:46:26.0721 1808 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/17 17:46:26.0784 1808 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\Windows\system32\DRIVERS\emScan.sys
2011/07/17 17:46:26.0862 1808 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/17 17:46:26.0940 1808 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/17 17:46:27.0002 1808 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/17 17:46:27.0111 1808 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/17 17:46:27.0236 1808 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/07/17 17:46:27.0314 1808 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/17 17:46:27.0408 1808 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/17 17:46:27.0579 1808 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/17 17:46:27.0782 1808 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/07/17 17:46:27.0876 1808 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/07/17 17:46:27.0907 1808 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/07/17 17:46:27.0985 1808 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/17 17:46:28.0047 1808 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/17 17:46:28.0172 1808 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/17 17:46:28.0250 1808 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/17 17:46:28.0297 1808 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/17 17:46:28.0390 1808 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/17 17:46:28.0500 1808 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/17 17:46:28.0671 1808 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/17 17:46:28.0749 1808 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/17 17:46:28.0921 1808 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/17 17:46:29.0030 1808 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/17 17:46:29.0108 1808 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/17 17:46:29.0170 1808 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/17 17:46:29.0217 1808 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/17 17:46:29.0264 1808 tdx (c9499920131e67db270d4b366809da76) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/17 17:46:29.0264 1808 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.sys. Real md5: c9499920131e67db270d4b366809da76, Fake md5: 76b06eb8a01fc8624d699e7045303e54
2011/07/17 17:46:29.0280 1808 tdx - detected Rootkit.Win32.ZAccess.c (0)
2011/07/17 17:46:29.0373 1808 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/17 17:46:29.0529 1808 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/17 17:46:29.0638 1808 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/17 17:46:29.0701 1808 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/17 17:46:29.0748 1808 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/07/17 17:46:29.0810 1808 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/17 17:46:29.0904 1808 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/17 17:46:29.0997 1808 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/07/17 17:46:30.0106 1808 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/17 17:46:30.0200 1808 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/17 17:46:30.0262 1808 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/17 17:46:30.0325 1808 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/17 17:46:30.0403 1808 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/07/17 17:46:30.0543 1808 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/07/17 17:46:30.0621 1808 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/17 17:46:30.0684 1808 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/17 17:46:30.0746 1808 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/07/17 17:46:30.0886 1808 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/17 17:46:30.0949 1808 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/17 17:46:31.0027 1808 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/07/17 17:46:31.0120 1808 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/07/17 17:46:31.0230 1808 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/17 17:46:31.0261 1808 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/17 17:46:31.0308 1808 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/17 17:46:31.0386 1808 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/17 17:46:31.0495 1808 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/17 17:46:31.0557 1808 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/17 17:46:31.0729 1808 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/07/17 17:46:31.0776 1808 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/07/17 17:46:31.0822 1808 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/07/17 17:46:31.0963 1808 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/17 17:46:32.0041 1808 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/17 17:46:32.0212 1808 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/17 17:46:32.0322 1808 vpnva (2fa9fb828d29fed55efc800e267be09d) C:\Windows\system32\DRIVERS\vpnva.sys
2011/07/17 17:46:32.0384 1808 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/07/17 17:46:32.0540 1808 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/17 17:46:32.0587 1808 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/17 17:46:32.0618 1808 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/17 17:46:32.0680 1808 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/07/17 17:46:32.0743 1808 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/17 17:46:32.0930 1808 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/07/17 17:46:33.0055 1808 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
2011/07/17 17:46:33.0164 1808 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/17 17:46:33.0351 1808 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/17 17:46:33.0398 1808 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/17 17:46:33.0460 1808 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/17 17:46:33.0538 1808 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/07/17 17:46:33.0601 1808 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/17 17:46:33.0648 1808 Boot (0x1200) (aa100edfd6df7028732f2fcfe76d5745) \Device\Harddisk0\DR0\Partition0
2011/07/17 17:46:33.0679 1808 Boot (0x1200) (c2bafeda4a58d94fbcc70978780a5c4d) \Device\Harddisk0\DR0\Partition1
2011/07/17 17:46:33.0694 1808 ================================================================================
2011/07/17 17:46:33.0694 1808 Scan finished
2011/07/17 17:46:33.0694 1808 ================================================================================
2011/07/17 17:46:33.0726 0280 Detected object count: 2
2011/07/17 17:46:33.0726 0280 Actual detected object count: 2
2011/07/17 17:46:42.0930 0280 LockedService.Multi.Generic(1214969294) - User select action: Skip
2011/07/17 17:46:43.0070 0280 tdx (c9499920131e67db270d4b366809da76) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/17 17:46:43.0070 0280 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.sys. Real md5: c9499920131e67db270d4b366809da76, Fake md5: 76b06eb8a01fc8624d699e7045303e54
2011/07/17 17:46:43.0288 0280 Backup copy found, using it..
2011/07/17 17:46:43.0304 0280 C:\Windows\system32\DRIVERS\tdx.sys - will be cured after reboot
2011/07/17 17:46:43.0304 0280 Rootkit.Win32.ZAccess.c(tdx) - User select action: Cure
2011/07/17 17:47:01.0618 4776 Deinitialize success

#12 Broni


Posted 17 July 2011 - 04:55 PM

Very well :)

Let's double check...

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".


#13 marcncol


Posted 17 July 2011 - 05:01 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8E60A000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7057408 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82404000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82404000 PnpManager 3907584 bytes
0x82404000 RAW 3907584 bytes
0x82404000 WMIxWDM 3907584 bytes
0x98690000 Win32k 2113536 bytes
0x98690000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8F600000 C:\Windows\system32\drivers\RTKVHDA.sys 2052096 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x8A806000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82A73000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8F07E000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8A602000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804DE000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xABB08000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8F20B000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x81044000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8ECC5000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8A72E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80607000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82A02000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8F860000 C:\Windows\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0x80414000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x81117000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xABA7F000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x8FD06000 C:\Windows\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0x8F00A000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 303104 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x8072C000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8F989000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80690000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8049D000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8F324000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8EDB7000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8FC9F000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8ED71000 C:\Windows\system32\DRIVERS\e1e6032.sys 241664 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0x82BA9000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xABA06000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A916000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x81009000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x8A7BB000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x827BE000 ACPI_HAL 208896 bytes
0x827BE000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x807C8000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8FC07000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8F2F5000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8F18C000 C:\Windows\system32\DRIVERS\MarvinBus.sys 188416 bytes (Pinnacle Systems GmbH, Pinnacle Marvin Discrete Bus Enumerator)
0x8F80E000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82B7E000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8F054000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xABAE0000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xABA57000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8A966000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E7000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8F83B000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8F392000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8A99E000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x811CF000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8F903000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8FDCE000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x807AA000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x81184000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8A6EC000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8FDB3000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x811A1000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8F2D7000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xABA3F000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8FCEF000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8F370000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8FC58000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8F9E2000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8FC42000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8F956000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x805BE000 C:\Windows\system32\drivers\48009903.sys 86016 bytes
0x811BA000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8F3D8000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8F3C4000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8F975000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x81104000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8FC7F000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8A98D000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8A98D000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8F1D1000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80484000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x805D3000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8FD79000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x810F4000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80792000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8F3ED000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8A710000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x805E3000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x8FDA4000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A957000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8070E000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8F3B5000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8A71F000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8071D000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x988D0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8FC71000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8F93F000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8077D000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8FD50000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8F2BF000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8F1C4000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8FC92000 C:\Windows\system32\DRIVERS\usbscan.sys 53248 bytes (Microsoft Corporation, USB Scanner Driver)
0x80683000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x8F9D6000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8F8F7000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8ED65000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8FD5D000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8F2CC000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x8F200000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8F181000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8F934000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8F387000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8F365000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8A9E8000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8EDAC000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8FD9A000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8F1BA000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8FCE5000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8FDED000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8FCDB000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
!!!!!!!!!!!Hidden driver: 0x8FDF7000 2864499688 36864 bytes
0x8F96C000 C:\Windows\System32\Drivers\aswTdi.SYS 36864 bytes (AVAST Software, avast! TDI Filter Driver)
0xABBE6000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8A9BF000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8F8D0000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8FD70000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8FD89000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x805F2000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8F94D000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x988B0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A707000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806D6000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8FC39000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x8A9F3000 C:\Windows\System32\Drivers\1214969294.SYS 32768 bytes
0x807A2000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80495000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8FD68000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x8FD92000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806DF000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8F924000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8F92C000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A94F000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x81000000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8F8E0000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8F8F0000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80776000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8040D000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8F8D9000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8078B000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8F2EF000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8F9D1000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xABADC000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x81041000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x8F3FD000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8FC6F000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x86A292FC unknown_irp_handler 3332 bytes
0xABAD4890 unknown_irp_handler 1904 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\1214969294.sys]
0xABAD56F0 Unknown thread object [ ETHREAD 0x86630570 ] TID: 1488, 600 bytes
0xABAD56F0 Unknown thread object [ ETHREAD 0x86630818 ] TID: 1496, 600 bytes
0x8FDFBD20 Unknown thread object [ ETHREAD 0x8580B9A8 ] TID: 2736, 600 bytes
0x8FDFBD20 Unknown thread object [ ETHREAD 0x85406D78 ] TID: 3940, 600 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
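A triage pass over a report in the format posted above, as an added example that is not part of the original post or of the scanning tool. The reason labels and the rule of combining signals are assumptions made for illustration; the sample lines are constructed in the report's format.

```python
import re

# Constructed sample: lines in the format of the report posted above.
SAMPLE = r"""
0x8F96C000 C:\Windows\System32\Drivers\aswTdi.SYS 36864 bytes (AVAST Software, avast! TDI Filter Driver)
0x8A9F3000 C:\Windows\System32\Drivers\1214969294.SYS 32768 bytes
0x8FD68000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x86A292FC unknown_irp_handler 3332 bytes
>Stealth
WARNING: File locked for read access [C:\Windows\system32\drivers\1214969294.sys]
0xABAD56F0 Unknown thread object [ ETHREAD 0x86630570 ] TID: 1488, 600 bytes
"""

# base address, name or path, size, optional "(vendor, description)" suffix
ENTRY = re.compile(r"^(0x[0-9A-Fa-f]{8}) (.+?) (\d+) bytes(?: \((.*)\))?$")
LOCKED = re.compile(r"^WARNING: File locked for read access \[(.+)\]$")


def triage(report):
    """Map each flagged item to the sorted list of reasons it was flagged."""
    findings = {}

    def flag(key, reason):
        findings.setdefault(key, set()).add(reason)

    for line in map(str.strip, report.splitlines()):
        locked = LOCKED.match(line)
        if locked:
            # The report mixes path casing, so normalise before joining.
            flag(locked.group(1).lower(), "locked-for-read")
            continue
        entry = ENTRY.match(line)
        if not entry or "Unknown thread object" in line:
            continue
        base, name, _size, vendor = entry.groups()
        if "\\" not in name:
            flag(f"{name}@{base}", "no-backing-file")  # e.g. unknown_irp_handler
        elif vendor is None:
            flag(name.lower(), "no-vendor-info")
    return {key: sorted(reasons) for key, reasons in findings.items()}


def corroborated(findings):
    """Items flagged by two or more independent signals: review these first."""
    return sorted(key for key, reasons in findings.items() if len(reasons) > 1)


if __name__ == "__main__":
    for key, reasons in triage(SAMPLE).items():
        print(key, reasons)
```

A single signal on its own, as with dump_atapi.sys in the sample, is weaker evidence than two signals that agree on the same file.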

#14 Broni


Posted 17 July 2011 - 05:04 PM

There is still something going on there.

Download the FixTDSS.exe

* Save the file to your Windows desktop.
* Close all running programs.
* If you are running Windows XP, turn off System Restore (see "How to turn off or turn on Windows XP System Restore").
* Double-click the FixTDSS.exe file to start the removal tool.
* Click Start to begin the process, and then allow the tool to run.
* Restart the computer when prompted by the tool.
* After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
* If you are running Windows XP, re-enable System Restore.



#15 marcncol


Posted 17 July 2011 - 05:05 PM

I am running Windows Vista. Do I need to turn off System Restore?



