GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-17 05:54:42
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 FUJITSU_MHY2250BH rev.0081000D 232.89GB
Running: gmer.exe; Driver: C:\DOCUME~1\ANDRES~1\LOCALS~1\Temp\uxlyraoc.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA81A8AA0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA81A957E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwClose [0xA81ED85D]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA81B55C8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA81B5614]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA81B57AE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA81ED211]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA81B5536]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA81B5658]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA81B557E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA81A9AB4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA81B5768]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA81AA36C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA81A8B06]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA81EDF23]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA81EE1D9]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA81ADB40]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA81EDD8E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA81EDBF9]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA81A86F2]
SSDT \SystemRoot\system32\drivers\aswSP.sys (avast! self protection module/AVAST Software) ZwMapViewOfSection [0xA84BE7B2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA81A8B6C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA81ADF36]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA81AAE54]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA81B55F2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA81B5636]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA81B57D2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA81ED56D]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA81B555C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA81AD43A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA81B56E6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA81B55A6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA81AD822]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA81B578C]
SSDT \SystemRoot\system32\drivers\aswSP.sys (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA84BE556]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA81EDA74]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA81AACC8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA81ED8C6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA81AA81E]
SSDT \SystemRoot\system32\drivers\aswSP.sys (avast! self protection module/AVAST Software) ZwRenameKey [0xA84CC526]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA81EC857]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA81A8BD2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA81A8C38]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA81AA1E6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA81A878C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA81A895E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA81EE02A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA81A88EC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA81AA536]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA81AA698]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA81A89E6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA81AA024]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA81AA1C6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA81A8C9E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA81A95DA]
Code \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation) KeInsertQueueApc

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeInsertQueueApc 804FC4EA 5 Bytes JMP BA27CCA6 \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation)
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [D2, 8B, 1A, A8, 38, 8C, 1A, ...] {ROR [EBX-0x73c757e6], CL; SBB CH, [EAX-0x57e55e1a]}
.text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [36, A5, 1A, A8, 98, A6, 1A, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL A81AB501 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF8099C2 5 Bytes JMP A81AF82C \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D1 BF80C91F 5 Bytes JMP A81AF70A \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF80FDD6 5 Bytes JMP A81AF6BE \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 44FC BF81F489 5 Bytes JMP A81AE19E \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 197D BF821B96 5 Bytes JMP A81AEC94 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 11A6 BF82E3B0 5 Bytes JMP A81AE2FE \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLockSurface + C09 BF82F52E 5 Bytes JMP A81AF9A2 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 2E84 BF839EBA 5 Bytes JMP A81AFBBC \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + B8FE BF842934 5 Bytes JMP A81AF5B2 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + E0BA BF8450F0 5 Bytes JMP A81AEC76 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + F636 BF84666C 5 Bytes JMP A81AE39E \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 290F BF86910A 5 Bytes JMP A81AED6C \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 4BED BF86B3E8 5 Bytes JMP A81AE7D6 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 4C78 BF86B473 5 Bytes JMP A81AEAB0 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 584E BF86C049 5 Bytes JMP A81AE082 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AC2C BF871427 5 Bytes JMP A81AF75A \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 67EE BF878651 5 Bytes JMP A81AF8E4 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35E9 BF891936 5 Bytes JMP A81AE89C \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4126 BF892473 5 Bytes JMP A81AEA6A \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF8AF55F 5 Bytes JMP A81AED8A \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 2862 BF8B2C7D 5 Bytes JMP A81AFB14 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C1A6A 5 Bytes JMP A81AE4CE \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + A5B0 BF8EAF87 5 Bytes JMP A81AECB2 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFA48 3 Bytes JMP A81ADF6C \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19F3 BF8EFA4C 1 Byte [E8]
.text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F1C17 3 Bytes JMP A81AE5B2 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 3BC2 BF8F1C1B 1 Byte [E8]
.text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F1E97 5 Bytes JMP A81AE6FA \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A40 BF914AE8 5 Bytes JMP A81AE286 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1CEC BF914D94 5 Bytes JMP A81AEE34 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2614 BF9156BC 5 Bytes JMP A81AE466 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F95 BF91803D 5 Bytes JMP A81AEBD0 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 191B BF948590 5 Bytes JMP A81AFA66 \SystemRoot\system32\drivers\aswSnx.sys (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\svchost.exe[140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[140] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 698F1986 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] USER32.dll!AlignRects 7E412A78 4 Bytes [F0, 28, 8F, 69]
.text C:\WINDOWS\system32\svchost.exe[272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\AppleTimeSrv.exe[316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\AppleTimeSrv.exe[316] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe[460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe[460] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[532] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[532] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[600] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[600] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[692] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[836] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Documents and Settings\Andre Stone\Application Data\Dropbox\bin\Dropbox.exe[968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Andre Stone\Application Data\Dropbox\bin\Dropbox.exe[968] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1172] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[1320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\dmadmin.exe[1344] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\dmadmin.exe[1344] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1432] KERNEL32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1528] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1584] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[1772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[1772] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1864] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\SearchIndexer.exe[1932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\SearchIndexer.exe[1932] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[1932] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe[2108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe[2108] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\DOCUME~1\ANDRES~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[2384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\DOCUME~1\ANDRES~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[2384] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Boot Camp\KbdMgr.exe[3004] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Boot Camp\KbdMgr.exe[3004] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3076] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3076] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3108] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 698F1986 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] USER32.dll!AlignRects 7E412A78 4 Bytes [F0, 28, 8F, 69]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3460] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3528] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3684] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3684] kernel32.dll!GetBinaryTypeW + 80 7C869AB4 1 Byte [62]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF05F8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF06D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0BE0
IAT C:\Program
Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] 
@ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[240] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[532] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 
[64CA8AF0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\afwServ.exe[600] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64CA8AF0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\WINDOWS\system32\services.exe[1572] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002 IAT C:\WINDOWS\system32\services.exe[1572] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000 IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3076] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64CA8AF0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF05F8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF06D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program 
Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 
2.0\kss.exe[3420] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ 
C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\USER32.dll 
[ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky 
Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 
2.0\kss.exe[3420] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\userenv.dll 
[KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT 
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!FreeLibrary] 7DFF0B74 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\IPHLPAPI.DLL [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\IPHLPAPI.DLL [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7DFF0CB8 IAT C:\Program Files\Kaspersky 
Lab\Kaspersky Security Scan 2.0\kss.exe[3420] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7DFF0B74

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip aswNdis2.sys (avast! Filtering NDIS driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswNdis2.sys (avast! Filtering NDIS driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswNdis2.sys (avast! Filtering NDIS driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswNdis2.sys (avast! Filtering NDIS driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys (avast! TDI Filter Driver/AVAST Software)
Device \Driver\BTHUSB \Device\000000bd bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000bf bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAClqpmykrdexusiut.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACepttimxfqkheymq.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACaipkpmprteyuxbw.log
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACpevstbqfpolnyvb.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvbqbuyatmfvpfhe.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACvcvwmsibjvhpyyq.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACyuerrfuvlvkpdgrjs.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACaoetowqbwulhtiv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACaoetowqbwulhtiv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACkbmxkylwblfbqvn.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACgsnswuypdykrxhx.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACgkldmyxqyreclsl.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACoylftewwfqfdwbw.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACmoyyxbehwebaerq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACirfoxjqvfdittys.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACjqhxdpyrjxstwar.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACbtftuwmwqxcapcu.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACygmwjipvdairnrb.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAClqpmykrdexusiut.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACepttimxfqkheymq.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACaipkpmprteyuxbw.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACpevstbqfpolnyvb.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvbqbuyatmfvpfhe.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACvcvwmsibjvhpyyq.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACyuerrfuvlvkpdgrjs.log
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAClqpmykrdexusiut.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACepttimxfqkheymq.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACaipkpmprteyuxbw.log
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACpevstbqfpolnyvb.dat
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvbqbuyatmfvpfhe.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACvcvwmsibjvhpyyq.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACyuerrfuvlvkpdgrjs.log
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAClqpmykrdexusiut.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACepttimxfqkheymq.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACaipkpmprteyuxbw.log
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACpevstbqfpolnyvb.dat
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvbqbuyatmfvpfhe.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACvcvwmsibjvhpyyq.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACyuerrfuvlvkpdgrjs.log
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAClqpmykrdexusiut.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACepttimxfqkheymq.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACaipkpmprteyuxbw.log
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACpevstbqfpolnyvb.dat
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvbqbuyatmfvpfhe.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACvcvwmsibjvhpyyq.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACyuerrfuvlvkpdgrjs.log
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules (not 
active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAClqpmykrdexusiut.dll Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACepttimxfqkheymq.dll Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACaipkpmprteyuxbw.log Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACpevstbqfpolnyvb.dat Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvbqbuyatmfvpfhe.dll Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACvcvwmsibjvhpyyq.dll Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACyuerrfuvlvkpdgrjs.log Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@group file system Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAClqpmykrdexusiut.dll Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACepttimxfqkheymq.dll Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACaipkpmprteyuxbw.log Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACpevstbqfpolnyvb.dat Reg 
HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvbqbuyatmfvpfhe.dll Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACvcvwmsibjvhpyyq.dll Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACyuerrfuvlvkpdgrjs.log Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@group file system Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAClqpmykrdexusiut.dll Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACepttimxfqkheymq.dll Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACaipkpmprteyuxbw.log Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACpevstbqfpolnyvb.dat Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvbqbuyatmfvpfhe.dll Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACvcvwmsibjvhpyyq.dll Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACyuerrfuvlvkpdgrjs.log Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@group file system 
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAClqpmykrdexusiut.dll Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACepttimxfqkheymq.dll Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACaipkpmprteyuxbw.log Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACpevstbqfpolnyvb.dat Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvbqbuyatmfvpfhe.dll Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACvcvwmsibjvhpyyq.dll Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACyuerrfuvlvkpdgrjs.log Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@group file system Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAClqpmykrdexusiut.dll Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACepttimxfqkheymq.dll Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACaipkpmprteyuxbw.log Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@UACsr 
\\?\globalroot\systemroot\system32\UACpevstbqfpolnyvb.dat Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvbqbuyatmfvpfhe.dll Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACvcvwmsibjvhpyyq.dll Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACyuerrfuvlvkpdgrjs.log Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys@group file system Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAClqpmykrdexusiut.dll Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACepttimxfqkheymq.dll Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACaipkpmprteyuxbw.log Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACpevstbqfpolnyvb.dat Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvbqbuyatmfvpfhe.dll Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACvcvwmsibjvhpyyq.dll Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACyuerrfuvlvkpdgrjs.log Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg 
HKLM\SYSTEM\ControlSet013\Services\UACd.sys@group file system Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAClqpmykrdexusiut.dll Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACepttimxfqkheymq.dll Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACaipkpmprteyuxbw.log Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACpevstbqfpolnyvb.dat Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvbqbuyatmfvpfhe.dll Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACvcvwmsibjvhpyyq.dll Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACyuerrfuvlvkpdgrjs.log Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys@group file system Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAClqpmykrdexusiut.dll Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACepttimxfqkheymq.dll Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACaipkpmprteyuxbw.log Reg 
HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACpevstbqfpolnyvb.dat Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvbqbuyatmfvpfhe.dll Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACvcvwmsibjvhpyyq.dll Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACyuerrfuvlvkpdgrjs.log Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys@group file system Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAClqpmykrdexusiut.dll Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACepttimxfqkheymq.dll Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACaipkpmprteyuxbw.log Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACpevstbqfpolnyvb.dat Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvbqbuyatmfvpfhe.dll Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACvcvwmsibjvhpyyq.dll Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACyuerrfuvlvkpdgrjs.log Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys@type 1 Reg 
HKLM\SYSTEM\ControlSet016\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys@group file system Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACnmpjpelwqvsphtj.sys Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAClqpmykrdexusiut.dll Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACepttimxfqkheymq.dll Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACaipkpmprteyuxbw.log Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACpevstbqfpolnyvb.dat Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvbqbuyatmfvpfhe.dll Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACvcvwmsibjvhpyyq.dll Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACyuerrfuvlvkpdgrjs.log Reg HKLM\SYSTEM\ControlSet017\Services\BTHPORT\Parameters\Keys\001ff3b0c9c5 (not active ControlSet) Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001ff3b0c9c5 Reg HKLM\SYSTEM\ControlSet019\Services\BTHPORT\Parameters\Keys\001ff3b0c9c5 (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 ---- EOF - GMER 2.1 ----