Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

ZeroAccess.hp removal

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: ZeroAccess.hp removal

Unread postby k_ramesh » February 4th, 2013, 7:43 am

GMER scan Part 4
.text C:\Program Files\DellTPad\Apoint.exe[4100] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 000000007755a420 6 bytes {JMP QWORD [RIP+0x8b45c10]}
.text C:\Program Files\DellTPad\Apoint.exe[4100] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077571b50 6 bytes {JMP QWORD [RIP+0x8aee4e0]}
.text C:\Program Files\DellTPad\Apoint.exe[4100] C:\Windows\system32\kernel32.dll!CreateProcessA 00000000775e8810 6 bytes {JMP QWORD [RIP+0x8a97820]}
.text C:\Windows\System32\igfxpers.exe[4124] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 000000007755a420 6 bytes {JMP QWORD [RIP+0x8b45c10]}
.text C:\Windows\System32\igfxpers.exe[4124] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077571b50 6 bytes {JMP QWORD [RIP+0x8aee4e0]}
.text C:\Windows\System32\igfxpers.exe[4124] C:\Windows\system32\kernel32.dll!CreateProcessA 00000000775e8810 6 bytes {JMP QWORD [RIP+0x8a97820]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a43ae0 6 bytes {JMP QWORD [RIP+0x85fc550]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a71400 6 bytes {JMP QWORD [RIP+0x85aec30]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a715d0 6 bytes {JMP QWORD [RIP+0x874ea60]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a71640 6 bytes {JMP QWORD [RIP+0x882e9f0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a71680 6 bytes {JMP QWORD [RIP+0x87ee9b0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a71720 6 bytes {JMP QWORD [RIP+0x884e910]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a717b0 6 bytes {JMP QWORD [RIP+0x87ce880]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a717f0 6 bytes {JMP QWORD [RIP+0x86ce840]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a71840 6 bytes {JMP QWORD [RIP+0x86ee7f0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a71860 6 bytes {JMP QWORD [RIP+0x880e7d0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a71a50 6 bytes {JMP QWORD [RIP+0x88ce5e0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a71b60 6 bytes {JMP QWORD [RIP+0x86ae4d0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a71c30 6 bytes {JMP QWORD [RIP+0x876e400]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a71d80 6 bytes {JMP QWORD [RIP+0x886e2b0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a71d90 6 bytes {JMP QWORD [RIP+0x88ae2a0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a72100 6 bytes {JMP QWORD [RIP+0x878df30]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a72190 6 bytes {JMP QWORD [RIP+0x888dea0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a72a00 6 bytes {JMP QWORD [RIP+0x87ad630]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a72a80 6 bytes {JMP QWORD [RIP+0x870d5b0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a72b00 6 bytes {JMP QWORD [RIP+0x872d530]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 000000007755a420 6 bytes {JMP QWORD [RIP+0x8b45c10]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077571b50 6 bytes {JMP QWORD [RIP+0x8aee4e0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\system32\kernel32.dll!CreateProcessA 00000000775e8810 6 bytes {JMP QWORD [RIP+0x8a97820]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe149aa5 3 bytes [65, 65, 06]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe155290 5 bytes [FF, 25, A0, AD, 0A]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff7422cc 6 bytes {JMP QWORD [RIP+0x64dd64]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff748398 6 bytes {JMP QWORD [RIP+0x4a7c98]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff7489c8 6 bytes {JMP QWORD [RIP+0x487668]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1436] C:\Windows\system32\GDI32.dll!GetPixel 000007feff749344 6 bytes {JMP QWORD [RIP+0x626cec]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a43ae0 6 bytes {JMP QWORD [RIP+0x85fc550]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a71400 6 bytes {JMP QWORD [RIP+0x85aec30]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a715d0 6 bytes {JMP QWORD [RIP+0x874ea60]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a71640 6 bytes {JMP QWORD [RIP+0x882e9f0]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a71680 6 bytes {JMP QWORD [RIP+0x87ee9b0]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a71720 6 bytes {JMP QWORD [RIP+0x884e910]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a717b0 6 bytes {JMP QWORD [RIP+0x87ce880]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a717f0 6 bytes {JMP QWORD [RIP+0x86ce840]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a71840 6 bytes {JMP QWORD [RIP+0x86ee7f0]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a71860 6 bytes {JMP QWORD [RIP+0x880e7d0]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a71a50 6 bytes {JMP QWORD [RIP+0x88ce5e0]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a71b60 6 bytes {JMP QWORD [RIP+0x86ae4d0]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a71c30 6 bytes {JMP QWORD [RIP+0x876e400]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a71d80 6 bytes {JMP QWORD [RIP+0x886e2b0]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a71d90 6 bytes {JMP QWORD [RIP+0x88ae2a0]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a72100 6 bytes {JMP QWORD [RIP+0x878df30]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a72190 6 bytes {JMP QWORD [RIP+0x888dea0]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a72a00 6 bytes {JMP QWORD [RIP+0x87ad630]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a72a80 6 bytes {JMP QWORD [RIP+0x870d5b0]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a72b00 6 bytes {JMP QWORD [RIP+0x872d530]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 000000007755a420 6 bytes {JMP QWORD [RIP+0x8b45c10]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077571b50 6 bytes {JMP QWORD [RIP+0x8aee4e0]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\system32\kernel32.dll!CreateProcessA 00000000775e8810 6 bytes {JMP QWORD [RIP+0x8a97820]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe149aa5 3 bytes [65, 65, 06]
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe155290 5 bytes [FF, 25, A0, AD, 0A]
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff7422cc 6 bytes {JMP QWORD [RIP+0x64dd64]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff748398 6 bytes {JMP QWORD [RIP+0x4a7c98]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff7489c8 6 bytes {JMP QWORD [RIP+0x487668]}
.text C:\Windows\system32\SearchIndexer.exe[4516] C:\Windows\system32\GDI32.dll!GetPixel 000007feff749344 6 bytes {JMP QWORD [RIP+0x626cec]}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2032] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 000000007755a420 6 bytes {JMP QWORD [RIP+0x8b45c10]}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2032] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077571b50 6 bytes {JMP QWORD [RIP+0x8aee4e0]}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2032] C:\Windows\system32\kernel32.dll!CreateProcessA 00000000775e8810 6 bytes {JMP QWORD [RIP+0x8a97820]}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2032] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe149aa5 3 bytes [65, 65, 06]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2032] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe155290 5 bytes [FF, 25, A0, AD, 0A]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c1f9c0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c1f9c4 2 bytes [AE, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c1fc90 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c1fc94 2 bytes [6B, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c1fd44 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c1fd48 2 bytes [56, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c1fda8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c1fdac 2 bytes [5C, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c1fea0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c1fea4 2 bytes [53, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c1ff84 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c1ff88 2 bytes [5F, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c1ffe4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c1ffe8 2 bytes [77, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c20064 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c20068 2 bytes [74, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c20094 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c20098 2 bytes [59, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c20398 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c2039c 2 bytes [47, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c20530 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c20534 2 bytes [7A, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c20674 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c20678 2 bytes [68, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c2086c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c20870 2 bytes [50, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c20884 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c20888 2 bytes [4A, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c20dd4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c20dd8 2 bytes [65, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c20eb8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c20ebc 2 bytes [4D, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c21bc4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c21bc8 2 bytes [62, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c21c94 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c21c98 2 bytes [71, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c21d6c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c21d70 2 bytes [6E, 71]
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c41217 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007720103d 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077201072 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5288] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007722c9b5 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a43ae0 6 bytes {JMP QWORD [RIP+0x85fc550]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a71400 6 bytes {JMP QWORD [RIP+0x85aec30]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a715d0 6 bytes {JMP QWORD [RIP+0x874ea60]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a71640 6 bytes {JMP QWORD [RIP+0x882e9f0]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a71680 6 bytes {JMP QWORD [RIP+0x87ee9b0]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a71720 6 bytes {JMP QWORD [RIP+0x884e910]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a717b0 6 bytes {JMP QWORD [RIP+0x87ce880]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a717f0 6 bytes {JMP QWORD [RIP+0x86ce840]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a71840 6 bytes {JMP QWORD [RIP+0x86ee7f0]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a71860 6 bytes {JMP QWORD [RIP+0x880e7d0]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a71a50 6 bytes {JMP QWORD [RIP+0x88ce5e0]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a71b60 6 bytes {JMP QWORD [RIP+0x86ae4d0]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a71c30 6 bytes {JMP QWORD [RIP+0x876e400]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a71d80 6 bytes {JMP QWORD [RIP+0x886e2b0]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a71d90 6 bytes {JMP QWORD [RIP+0x88ae2a0]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a72100 6 bytes {JMP QWORD [RIP+0x878df30]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a72190 6 bytes {JMP QWORD [RIP+0x888dea0]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a72a00 6 bytes {JMP QWORD [RIP+0x87ad630]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a72a80 6 bytes {JMP QWORD [RIP+0x870d5b0]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a72b00 6 bytes {JMP QWORD [RIP+0x872d530]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 000000007755a420 6 bytes {JMP QWORD [RIP+0x8b45c10]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077571b50 6 bytes {JMP QWORD [RIP+0x8aee4e0]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\system32\kernel32.dll!CreateProcessA 00000000775e8810 6 bytes {JMP QWORD [RIP+0x8a97820]}
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe149aa5 3 bytes [65, 65, 06]
.text C:\Windows\system32\svchost.exe[5620] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe155290 5 bytes [FF, 25, A0, AD, 0A]
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a43ae0 6 bytes {JMP QWORD [RIP+0x85fc550]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a71400 6 bytes {JMP QWORD [RIP+0x85aec30]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a715d0 6 bytes {JMP QWORD [RIP+0x874ea60]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a71640 6 bytes {JMP QWORD [RIP+0x882e9f0]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a71680 6 bytes {JMP QWORD [RIP+0x87ee9b0]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a71720 6 bytes {JMP QWORD [RIP+0x884e910]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a717b0 6 bytes {JMP QWORD [RIP+0x87ce880]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a717f0 6 bytes {JMP QWORD [RIP+0x86ce840]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a71840 6 bytes {JMP QWORD [RIP+0x86ee7f0]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a71860 6 bytes {JMP QWORD [RIP+0x880e7d0]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a71a50 6 bytes {JMP QWORD [RIP+0x88ce5e0]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a71b60 6 bytes {JMP QWORD [RIP+0x86ae4d0]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a71c30 6 bytes {JMP QWORD [RIP+0x876e400]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a71d80 6 bytes {JMP QWORD [RIP+0x886e2b0]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a71d90 6 bytes {JMP QWORD [RIP+0x88ae2a0]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a72100 6 bytes {JMP QWORD [RIP+0x878df30]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a72190 6 bytes {JMP QWORD [RIP+0x888dea0]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a72a00 6 bytes {JMP QWORD [RIP+0x87ad630]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a72a80 6 bytes {JMP QWORD [RIP+0x870d5b0]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a72b00 6 bytes {JMP QWORD [RIP+0x872d530]}
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe149aa5 3 bytes [65, 65, 06]
.text C:\Windows\System32\svchost.exe[5756] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe155290 5 bytes [FF, 25, A0, AD, 0A]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a43ae0 6 bytes {JMP QWORD [RIP+0x85fc550]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a71400 6 bytes {JMP QWORD [RIP+0x85aec30]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a715d0 6 bytes {JMP QWORD [RIP+0x874ea60]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a71640 6 bytes {JMP QWORD [RIP+0x882e9f0]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a71680 6 bytes {JMP QWORD [RIP+0x87ee9b0]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a71720 6 bytes {JMP QWORD [RIP+0x884e910]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a717b0 6 bytes {JMP QWORD [RIP+0x87ce880]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a717f0 6 bytes {JMP QWORD [RIP+0x86ce840]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a71840 6 bytes {JMP QWORD [RIP+0x86ee7f0]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a71860 6 bytes {JMP QWORD [RIP+0x880e7d0]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a71a50 6 bytes {JMP QWORD [RIP+0x88ce5e0]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a71b60 6 bytes {JMP QWORD [RIP+0x86ae4d0]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a71c30 6 bytes {JMP QWORD [RIP+0x876e400]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a71d80 6 bytes {JMP QWORD [RIP+0x886e2b0]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a71d90 6 bytes {JMP QWORD [RIP+0x88ae2a0]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a72100 6 bytes {JMP QWORD [RIP+0x878df30]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a72190 6 bytes {JMP QWORD [RIP+0x888dea0]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a72a00 6 bytes {JMP QWORD [RIP+0x87ad630]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a72a80 6 bytes {JMP QWORD [RIP+0x870d5b0]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a72b00 6 bytes {JMP QWORD [RIP+0x872d530]}
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe149aa5 3 bytes [65, 65, 06]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5376] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe155290 5 bytes [FF, 25, A0, AD, 0A]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c1f9c0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c1f9c4 2 bytes [AE, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c1fc90 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c1fc94 2 bytes [6B, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c1fd44 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c1fd48 2 bytes [56, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c1fda8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c1fdac 2 bytes [5C, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c1fea0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c1fea4 2 bytes [53, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c1ff84 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c1ff88 2 bytes [5F, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c1ffe4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c1ffe8 2 bytes [77, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c20064 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c20068 2 bytes [74, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c20094 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c20098 2 bytes [59, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c20398 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c2039c 2 bytes [47, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c20530 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c20534 2 bytes [7A, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c20674 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c20678 2 bytes [68, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c2086c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c20870 2 bytes [50, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c20884 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c20888 2 bytes [4A, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c20dd4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c20dd8 2 bytes [65, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c20eb8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c20ebc 2 bytes [4D, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c21bc4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c21bc8 2 bytes [62, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c21c94 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c21c98 2 bytes [71, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c21d6c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c21d70 2 bytes [6E, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c41217 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007720103d 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077201072 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5164] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007722c9b5 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c1f9c0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c1f9c4 2 bytes [AE, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c1fc90 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c1fc94 2 bytes [6B, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c1fd44 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c1fd48 2 bytes [56, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c1fda8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c1fdac 2 bytes [5C, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c1fea0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c1fea4 2 bytes [53, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c1ff84 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c1ff88 2 bytes [5F, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c1ffe4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c1ffe8 2 bytes [77, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c20064 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c20068 2 bytes [74, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c20094 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c20098 2 bytes [59, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c20398 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c2039c 2 bytes [47, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c20530 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c20534 2 bytes [7A, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c20674 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c20678 2 bytes [68, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c2086c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c20870 2 bytes [50, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c20884 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c20888 2 bytes [4A, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c20dd4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c20dd8 2 bytes [65, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c20eb8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c20ebc 2 bytes [4D, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c21bc4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c21bc8 2 bytes [62, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c21c94 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c21c98 2 bytes [71, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c21d6c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c21d70 2 bytes [6E, 71]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c41217 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007720103d 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077201072 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5948] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007722c9b5 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c1f9c0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c1f9c4 2 bytes [AE, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c1fc90 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c1fc94 2 bytes [65, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c1fd44 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c1fd48 2 bytes [50, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c1fda8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c1fdac 2 bytes [56, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c1fea0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c1fea4 2 bytes [4D, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c1ff84 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c1ff88 2 bytes [59, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c1ffe4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c1ffe8 2 bytes [71, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c20064 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c20068 2 bytes [6E, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c20094 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c20098 2 bytes [53, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c20398 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c2039c 2 bytes [41, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c20530 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c20534 2 bytes [74, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c20674 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c20678 2 bytes [62, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c2086c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c20870 2 bytes [4A, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c20884 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c20888 2 bytes [44, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c20dd4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c20dd8 2 bytes [5F, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c20eb8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c20ebc 2 bytes [47, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c21bc4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c21bc8 2 bytes [5C, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c21c94 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c21c98 2 bytes [6B, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c21d6c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c21d70 2 bytes [68, 71]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c41217 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007720103d 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077201072 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007722c9b5 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007580f776 6 bytes {JMP QWORD [RIP+0x719e001e]}
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075812c91 4 bytes {CALL QWORD [RIP+0x71ac000a]}
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000753658b3 6 bytes {JMP QWORD [RIP+0x7180001e]}
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075367bcc 6 bytes {JMP QWORD [RIP+0x718f001e]}
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007536cbfb 6 bytes {JMP QWORD [RIP+0x7189001e]}
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007536e743 6 bytes {JMP QWORD [RIP+0x718c001e]}
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007586ee09 6 bytes {JMP QWORD [RIP+0x7177001e]}
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075877603 6 bytes {JMP QWORD [RIP+0x717a001e]}
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007587835c 6 bytes {JMP QWORD [RIP+0x717d001e]}
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[4432] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075bf2538 6 bytes {JMP QWORD [RIP+0x7195001e]}
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c1f9c0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c1f9c4 2 bytes [AE, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c1fc90 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c1fc94 2 bytes [6B, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c1fd44 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c1fd48 2 bytes [56, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c1fda8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c1fdac 2 bytes [5C, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c1fea0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c1fea4 2 bytes [53, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c1ff84 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c1ff88 2 bytes [5F, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c1ffe4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c1ffe8 2 bytes [77, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c20064 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c20068 2 bytes [74, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c20094 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c20098 2 bytes [59, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c20398 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c2039c 2 bytes [47, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c20530 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c20534 2 bytes [7A, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c20674 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c20678 2 bytes [68, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c2086c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c20870 2 bytes [50, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c20884 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c20888 2 bytes [4A, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c20dd4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c20dd8 2 bytes [65, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c20eb8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c20ebc 2 bytes [4D, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c21bc4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c21bc8 2 bytes [62, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c21c94 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c21c98 2 bytes [71, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c21d6c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c21d70 2 bytes [6E, 71]
k_ramesh
Regular Member
 
Posts: 16
Joined: February 1st, 2013, 1:02 pm
Location: Singapore
Advertisement
Register to Remove

Re: ZeroAccess.hp removal

Unread postby k_ramesh » February 4th, 2013, 7:45 am

GMER scan Part 5
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c41217 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007720103d 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077201072 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[6288] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007722c9b5 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c1f9c0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c1f9c4 2 bytes [AE, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c1fc90 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c1fc94 2 bytes [6B, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c1fd44 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c1fd48 2 bytes [56, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c1fda8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c1fdac 2 bytes [5C, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c1fea0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c1fea4 2 bytes [53, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c1ff84 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c1ff88 2 bytes [5F, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c1ffe4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c1ffe8 2 bytes [77, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c20064 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c20068 2 bytes [74, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c20094 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c20098 2 bytes [59, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c20398 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c2039c 2 bytes [47, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c20530 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c20534 2 bytes [7A, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c20674 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c20678 2 bytes [68, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c2086c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c20870 2 bytes [50, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c20884 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c20888 2 bytes [4A, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c20dd4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c20dd8 2 bytes [65, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c20eb8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c20ebc 2 bytes [4D, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c21bc4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c21bc8 2 bytes [62, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c21c94 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c21c98 2 bytes [71, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c21d6c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c21d70 2 bytes [6E, 71]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c41217 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007720103d 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077201072 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6372] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007722c9b5 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c1f9c0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c1f9c4 2 bytes [AE, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c1fc90 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c1fc94 2 bytes [6B, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c1fd44 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c1fd48 2 bytes [56, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c1fda8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c1fdac 2 bytes [5C, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c1fea0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c1fea4 2 bytes [53, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c1ff84 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c1ff88 2 bytes [5F, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c1ffe4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c1ffe8 2 bytes [77, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c20064 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c20068 2 bytes [74, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c20094 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c20098 2 bytes [59, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c20398 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c2039c 2 bytes [47, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c20530 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c20534 2 bytes [7A, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c20674 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c20678 2 bytes [68, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c2086c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c20870 2 bytes [50, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c20884 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c20888 2 bytes [4A, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c20dd4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c20dd8 2 bytes [65, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c20eb8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c20ebc 2 bytes [4D, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c21bc4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c21bc8 2 bytes [62, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c21c94 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c21c98 2 bytes [71, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c21d6c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c21d70 2 bytes [6E, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c41217 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007720103d 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077201072 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6436] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007722c9b5 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c1f9c0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c1f9c4 2 bytes [AE, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c1fc90 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c1fc94 2 bytes [65, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c1fd44 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c1fd48 2 bytes [50, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c1fda8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c1fdac 2 bytes [56, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c1fea0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c1fea4 2 bytes [4D, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c1ff84 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c1ff88 2 bytes [59, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c1ffe4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c1ffe8 2 bytes [71, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c20064 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c20068 2 bytes [6E, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c20094 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c20098 2 bytes [53, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c20398 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c2039c 2 bytes [41, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c20530 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c20534 2 bytes [74, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c20674 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c20678 2 bytes [62, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c2086c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c20870 2 bytes [4A, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c20884 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c20888 2 bytes [44, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c20dd4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c20dd8 2 bytes [5F, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c20eb8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c20ebc 2 bytes [47, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c21bc4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c21bc8 2 bytes [5C, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c21c94 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c21c98 2 bytes [6B, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c21d6c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c21d70 2 bytes [68, 71]
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c41217 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007720103d 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077201072 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe[6740] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007722c9b5 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c1f9c0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c1f9c4 2 bytes [AE, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c1fc90 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c1fc94 2 bytes [6B, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c1fd44 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c1fd48 2 bytes [56, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c1fda8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c1fdac 2 bytes [5C, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c1fea0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c1fea4 2 bytes [53, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c1ff84 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c1ff88 2 bytes [5F, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c1ffe4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c1ffe8 2 bytes [77, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c20064 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c20068 2 bytes [74, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c20094 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c20098 2 bytes [59, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c20398 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c2039c 2 bytes [47, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c20530 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c20534 2 bytes [7A, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c20674 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c20678 2 bytes [68, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c2086c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c20870 2 bytes [50, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c20884 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c20888 2 bytes [4A, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c20dd4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c20dd8 2 bytes [65, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c20eb8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c20ebc 2 bytes [4D, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c21bc4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c21bc8 2 bytes [62, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c21c94 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c21c98 2 bytes [71, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c21d6c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c21d70 2 bytes [6E, 71]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c41217 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007720103d 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077201072 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6796] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007722c9b5 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c1f9c0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c1f9c4 2 bytes [AE, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c1fc90 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c1fc94 2 bytes [6B, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c1fd44 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c1fd48 2 bytes [56, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c1fda8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c1fdac 2 bytes [5C, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c1fea0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c1fea4 2 bytes [53, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c1ff84 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c1ff88 2 bytes [5F, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c1ffe4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c1ffe8 2 bytes [77, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c20064 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c20068 2 bytes [74, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c20094 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c20098 2 bytes [59, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c20398 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c2039c 2 bytes [47, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c20530 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c20534 2 bytes [7A, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c20674 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c20678 2 bytes [68, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c2086c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c20870 2 bytes [50, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c20884 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c20888 2 bytes [4A, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c20dd4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c20dd8 2 bytes [65, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c20eb8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c20ebc 2 bytes [4D, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c21bc4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c21bc8 2 bytes [62, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c21c94 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c21c98 2 bytes [71, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c21d6c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c21d70 2 bytes [6E, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c41217 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\syswow64\KERNEL32.dll!CreateProcessW 000000007720103d 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000077201072 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\syswow64\KERNEL32.dll!CreateProcessAsUserW 000000007722c9b5 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007580f776 6 bytes {JMP QWORD [RIP+0x719e001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075812c91 4 bytes {CALL QWORD [RIP+0x71ac000a]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7288] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075bf2538 6 bytes {JMP QWORD [RIP+0x7195001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c1f9c0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c1f9c4 2 bytes [AE, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c1fc90 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c1fc94 2 bytes [6B, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c1fd44 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c1fd48 2 bytes [56, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c1fda8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c1fdac 2 bytes [5C, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c1fea0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c1fea4 2 bytes [53, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c1ff84 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c1ff88 2 bytes [5F, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c1ffe4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c1ffe8 2 bytes [77, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c20064 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c20068 2 bytes [74, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c20094 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c20098 2 bytes [59, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c20398 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c2039c 2 bytes [47, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c20530 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c20534 2 bytes [7A, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c20674 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c20678 2 bytes [68, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c2086c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c20870 2 bytes [50, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c20884 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c20888 2 bytes [4A, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c20dd4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c20dd8 2 bytes [65, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c20eb8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c20ebc 2 bytes [4D, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c21bc4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c21bc8 2 bytes [62, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c21c94 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c21c98 2 bytes [71, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c21d6c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c21d70 2 bytes [6E, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c41217 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\syswow64\KERNEL32.dll!CreateProcessW 000000007720103d 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000077201072 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\syswow64\KERNEL32.dll!CreateProcessAsUserW 000000007722c9b5 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007580f776 6 bytes {JMP QWORD [RIP+0x719e001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7808] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075812c91 4 bytes {CALL QWORD [RIP+0x71ac000a]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c1f9c0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c1f9c4 2 bytes [AE, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c1fc90 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c1fc94 2 bytes [6B, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c1fd44 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c1fd48 2 bytes [56, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c1fda8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c1fdac 2 bytes [5C, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c1fea0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c1fea4 2 bytes [53, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c1ff84 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c1ff88 2 bytes [5F, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c1ffe4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c1ffe8 2 bytes [77, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c20064 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c20068 2 bytes [74, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c20094 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c20098 2 bytes [59, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c20398 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c2039c 2 bytes [47, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c20530 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c20534 2 bytes [7A, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c20674 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c20678 2 bytes [68, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c2086c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c20870 2 bytes [50, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c20884 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c20888 2 bytes [4A, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c20dd4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c20dd8 2 bytes [65, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c20eb8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c20ebc 2 bytes [4D, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c21bc4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c21bc8 2 bytes [62, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c21c94 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c21c98 2 bytes [71, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c21d6c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c21d70 2 bytes [6E, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c41217 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007720103d 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077201072 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007722c9b5 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007580f776 6 bytes {JMP QWORD [RIP+0x719e001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[7864] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075812c91 4 bytes {CALL QWORD [RIP+0x71ac000a]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c1f9c0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c1f9c4 2 bytes [AE, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c1fc90 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c1fc94 2 bytes [6B, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c1fd44 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c1fd48 2 bytes [56, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c1fda8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c1fdac 2 bytes [5C, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c1fea0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c1fea4 2 bytes [53, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c1ff84 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c1ff88 2 bytes [5F, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c1ffe4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c1ffe8 2 bytes [77, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c20064 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c20068 2 bytes [74, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c20094 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c20098 2 bytes [59, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c20398 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c2039c 2 bytes [47, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c20530 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c20534 2 bytes [7A, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c20674 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c20678 2 bytes [68, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c2086c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c20870 2 bytes [50, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c20884 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c20888 2 bytes [4A, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c20dd4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c20dd8 2 bytes [65, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c20eb8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c20ebc 2 bytes [4D, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c21bc4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c21bc8 2 bytes [62, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c21c94 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c21c98 2 bytes [71, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c21d6c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c21d70 2 bytes [6E, 71]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c41217 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007720103d 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077201072 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007722c9b5 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007580f776 6 bytes {JMP QWORD [RIP+0x719e001e]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075812c91 4 bytes {CALL QWORD [RIP+0x71ac000a]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075791401 2 bytes [79, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075791419 2 bytes [79, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075791431 2 bytes [79, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007579144a 2 bytes [79, 75]
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757914dd 2 bytes [79, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757914f5 2 bytes [79, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007579150d 2 bytes [79, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075791525 2 bytes [79, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007579153d 2 bytes [79, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075791555 2 bytes [79, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007579156d 2 bytes [79, 75]
k_ramesh
Regular Member
 
Posts: 16
Joined: February 1st, 2013, 1:02 pm
Location: Singapore

Re: ZeroAccess.hp removal

Unread postby k_ramesh » February 4th, 2013, 7:46 am

GMER scan Part 6 Last part
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075791585 2 bytes [79, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007579159d 2 bytes [79, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757915b5 2 bytes [79, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757915cd 2 bytes [79, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757916b2 2 bytes [79, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757916bd 2 bytes [79, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007586ee09 6 bytes {JMP QWORD [RIP+0x717d001e]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075877603 6 bytes {JMP QWORD [RIP+0x7180001e]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007587835c 6 bytes {JMP QWORD [RIP+0x7183001e]}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[8012] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075bf2538 6 bytes {JMP QWORD [RIP+0x7195001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c1f9c0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c1f9c4 2 bytes [AE, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c1fc90 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c1fc94 2 bytes [6B, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c1fd44 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c1fd48 2 bytes [56, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c1fda8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c1fdac 2 bytes [5C, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c1fea0 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c1fea4 2 bytes [53, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c1ff84 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c1ff88 2 bytes [5F, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c1ffe4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c1ffe8 2 bytes [77, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c20064 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c20068 2 bytes [74, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c20094 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c20098 2 bytes [59, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c20398 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c2039c 2 bytes [43, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c20530 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c20534 2 bytes [7A, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c20674 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c20678 2 bytes [68, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c2086c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c20870 2 bytes [4C, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c20884 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c20888 2 bytes [46, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c20dd4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c20dd8 2 bytes [65, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c20eb8 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c20ebc 2 bytes [49, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c21bc4 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c21bc8 2 bytes [62, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c21c94 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c21c98 2 bytes [71, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c21d6c 3 bytes [FF, 25, 1E]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c21d70 2 bytes [6E, 71]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c41217 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007720103d 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077201072 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[264] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007722c9b5 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a43ae0 6 bytes {JMP QWORD [RIP+0x85fc550]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a71400 6 bytes {JMP QWORD [RIP+0x85aec30]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a715d0 6 bytes {JMP QWORD [RIP+0x874ea60]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a71640 6 bytes {JMP QWORD [RIP+0x882e9f0]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a71680 6 bytes {JMP QWORD [RIP+0x87ee9b0]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a71720 6 bytes {JMP QWORD [RIP+0x884e910]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a717b0 6 bytes {JMP QWORD [RIP+0x87ce880]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a717f0 6 bytes {JMP QWORD [RIP+0x86ce840]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a71840 6 bytes {JMP QWORD [RIP+0x86ee7f0]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a71860 6 bytes {JMP QWORD [RIP+0x880e7d0]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a71a50 6 bytes {JMP QWORD [RIP+0x88ce5e0]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a71b60 6 bytes {JMP QWORD [RIP+0x86ae4d0]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a71c30 6 bytes {JMP QWORD [RIP+0x876e400]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a71d80 6 bytes {JMP QWORD [RIP+0x886e2b0]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a71d90 6 bytes {JMP QWORD [RIP+0x88ae2a0]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a72100 6 bytes {JMP QWORD [RIP+0x878df30]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a72190 6 bytes {JMP QWORD [RIP+0x888dea0]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a72a00 6 bytes {JMP QWORD [RIP+0x87ad630]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a72a80 6 bytes {JMP QWORD [RIP+0x870d5b0]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a72b00 6 bytes {JMP QWORD [RIP+0x872d530]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\System32\kernel32.dll!CreateProcessAsUserW 000000007755a420 6 bytes {JMP QWORD [RIP+0x8b45c10]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\System32\kernel32.dll!CreateProcessW 0000000077571b50 6 bytes {JMP QWORD [RIP+0x8aee4e0]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\System32\kernel32.dll!CreateProcessA 00000000775e8810 6 bytes {JMP QWORD [RIP+0x8a97820]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\System32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe149aa5 3 bytes [65, 65, 06]
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\System32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe155290 5 bytes [FF, 25, A0, AD, 0A]
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\System32\GDI32.dll!DeleteDC 000007feff7422cc 6 bytes {JMP QWORD [RIP+0x64dd64]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\System32\GDI32.dll!CreateDCW 000007feff748398 6 bytes {JMP QWORD [RIP+0x4a7c98]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\System32\GDI32.dll!CreateDCA 000007feff7489c8 6 bytes {JMP QWORD [RIP+0x487668]}
.text C:\Windows\system32\AUDIODG.EXE[1552] C:\Windows\System32\GDI32.dll!GetPixel 000007feff749344 6 bytes {JMP QWORD [RIP+0x626cec]}
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c1f9c0 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c1f9c4 2 bytes [AE, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c1fc90 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c1fc94 2 bytes [6B, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c1fd44 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c1fd48 2 bytes [56, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c1fda8 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c1fdac 2 bytes [5C, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c1fea0 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c1fea4 2 bytes [53, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c1ff84 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c1ff88 2 bytes [5F, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c1ffe4 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c1ffe8 2 bytes [77, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c20064 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c20068 2 bytes [74, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c20094 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c20098 2 bytes [59, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c20398 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c2039c 2 bytes [47, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c20530 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c20534 2 bytes [7A, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c20674 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c20678 2 bytes [68, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c2086c 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c20870 2 bytes [50, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c20884 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c20888 2 bytes [4A, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c20dd4 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c20dd8 2 bytes [65, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c20eb8 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c20ebc 2 bytes [4D, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c21bc4 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c21bc8 2 bytes [62, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c21c94 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c21c98 2 bytes [71, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c21d6c 3 bytes [FF, 25, 1E]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c21d70 2 bytes [6E, 71]
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c41217 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007720103d 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077201072 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007722c9b5 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007580f776 6 bytes {JMP QWORD [RIP+0x719e001e]}
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075812c91 4 bytes {CALL QWORD [RIP+0x71ac000a]}
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007586ee09 6 bytes {JMP QWORD [RIP+0x717d001e]}
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075877603 6 bytes {JMP QWORD [RIP+0x7180001e]}
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007587835c 6 bytes {JMP QWORD [RIP+0x7183001e]}
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000753658b3 6 bytes {JMP QWORD [RIP+0x7186001e]}
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075367bcc 6 bytes {JMP QWORD [RIP+0x718f001e]}
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007536cbfb 6 bytes {JMP QWORD [RIP+0x7189001e]}
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007536e743 6 bytes {JMP QWORD [RIP+0x718c001e]}
.text C:\Software\virus\um59ijft.exe[6472] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075bf2538 6 bytes {JMP QWORD [RIP+0x7195001e]}

---- User IAT/EAT - GMER 2.0 ----

IAT C:\Windows\system32\mfevtps.exe[2816] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13f0ab9f0] C:\Windows\system32\mfevtps.exe
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3144] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef7df2750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3144] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef7df2b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3144] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef7df7de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3144] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef7df8130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3144] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef7df1908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3144] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef7df1c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3144] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef7df81d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3144] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef7df2878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3144] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef7df7a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3144] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement] [7fef7df6c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3144] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef7df77bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3144] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef7df7064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3144] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef7df6544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3144] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef7df5e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmStartSession] [7fef2c56544] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmSetMachineId] [7fef2c52b98] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmSetAppVersion] [7fef2c57064] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmGetSession] [7fef2c51c00] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmSet] [7fef2c52878] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmAddToStreamDWord] [7fef2c577bc] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmWriteSharedMachineId] [7fef2c57de0] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmReadSharedUserId] [7fef2c522c8] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmReadSharedMachineId] [7fef2c51908] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmEndSession] [7fef2c55e30] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmSetUserId] [7fef2c52c90] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmSetAppId] [7fef2c52750] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmWriteSharedUserId] [7fef2c57fcc] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmAddToStreamString] [7fef2c57a5c] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmSetBool] [7fef2c56830] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmWaitForUploadComplete] [7fef2c586fc] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmStartUpload] [7fef2c581d8] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmCreateNewId] [7fef2c58130] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\Microsoft Device Center\ipoint.exe[5352] @ C:\Program Files\Microsoft Device Center\ipoint.exe[sqmapi.dll!SqmIncrement] [7fef2c56c48] C:\Program Files\Microsoft Device Center\sqmapi.dll
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateThread] [13f85eb70] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryW] [13f85fa20] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetModuleHandleA] [13f85fbf0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryA] [13f85f9d0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryExW] [13f85faf0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [13f85fd10] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryExA] [13f85fa70] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!DeleteObject] [13f85de30] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassA] [13f85ec50] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [13f85eda0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!GetSysColor] [13f85ddc0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!GetSystemMetrics] [13f85eef0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[GDI32.dll!DeleteObject] [13f85de30] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!SystemParametersInfoW] [13f85f140] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!AdjustWindowRectEx] [13f85f320] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!SetScrollInfo] [13f85dfd0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!SetScrollPos] [13f85df10] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!EnableScrollBar] [13f85e080] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!GetScrollInfo] [13f85e140] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!CallWindowProcW] [13f85e1f0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!DrawEdge] [13f85f640] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!GetSysColor] [13f85ddc0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!GetSystemMetrics] [13f85eef0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!DrawFrameControl] [13f85f6d0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!FillRect] [13f85f590] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!GetSysColorBrush] [13f85de90] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[KERNEL32.dll!CreateThread] [13f85eb70] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[KERNEL32.dll!LoadLibraryW] [13f85fa20] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[KERNEL32.dll!LoadLibraryExW] [13f85faf0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[KERNEL32.dll!LoadLibraryExA] [13f85fa70] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[KERNEL32.dll!GetProcAddress] [13f85fd10] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHELL32.dll[USER32.dll!AdjustWindowRect] [13f85f470] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHELL32.dll[USER32.dll!GetSysColorBrush] [13f85de90] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHELL32.dll[USER32.dll!GetScrollInfo] [13f85e140] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHELL32.dll[USER32.dll!SystemParametersInfoW] [13f85f140] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHELL32.dll[USER32.dll!DrawEdge] [13f85f640] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHELL32.dll[USER32.dll!AdjustWindowRectEx] [13f85f320] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHELL32.dll[USER32.dll!SetScrollInfo] [13f85dfd0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHELL32.dll[USER32.dll!SetScrollPos] [13f85df10] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHELL32.dll[USER32.dll!CallWindowProcW] [13f85e1f0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHELL32.dll[USER32.dll!GetSysColor] [13f85ddc0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [13f85eda0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SHELL32.dll[USER32.dll!FillRect] [13f85f590] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryExW] [13f85faf0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [13f85fd10] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryA] [13f85f9d0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryW] [13f85fa20] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\ole32.dll[GDI32.dll!DeleteObject] [13f85de30] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\ole32.dll[USER32.dll!CallWindowProcW] [13f85e1f0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\ole32.dll[USER32.dll!SystemParametersInfoW] [13f85f140] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\ole32.dll[USER32.dll!GetSystemMetrics] [13f85eef0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\ole32.dll[USER32.dll!GetSysColor] [13f85ddc0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [13f85eda0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\ole32.dll[KERNEL32.dll!LoadLibraryA] [13f85f9d0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\ole32.dll[KERNEL32.dll!LoadLibraryW] [13f85fa20] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [13f85fd10] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryExA] [13f85fa70] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryW] [13f85fa20] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateThread] [13f85eb70] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryA] [13f85f9d0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!RegisterClassW] [13f85eda0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!SystemParametersInfoW] [13f85f140] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!GetSysColor] [13f85ddc0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!GetSystemMetrics] [13f85eef0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\OLEAUT32.dll[GDI32.dll!DeleteObject] [13f85de30] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll[KERNEL32.dll!LoadLibraryA] [13f85f9d0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll[KERNEL32.dll!CreateThread] [13f85eb70] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll[KERNEL32.dll!LoadLibraryW] [13f85fa20] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll[KERNEL32.dll!GetModuleHandleA] [13f85fbf0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll[KERNEL32.dll!GetProcAddress] [13f85fd10] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll[KERNEL32.dll!LoadLibraryExW] [13f85faf0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll[USER32.dll!GetSystemMetrics] [13f85eef0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll[USER32.dll!GetSysColor] [13f85ddc0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll[USER32.dll!RegisterClassA] [13f85ec50] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll[GDI32.dll!DeleteObject] [13f85de30] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\urlmon.dll[USER32.dll!RegisterClassA] [13f85ec50] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\urlmon.dll[USER32.dll!SystemParametersInfoW] [13f85f140] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryExW] [13f85faf0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetModuleHandleA] [13f85fbf0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CreateThread] [13f85eb70] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryExA] [13f85fa70] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryW] [13f85fa20] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryA] [13f85f9d0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [13f85fd10] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!LoadLibraryW] [13f85fa20] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!GetProcAddress] [13f85fd10] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!LoadLibraryExW] [13f85faf0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\WINMM.dll[USER32.dll!GetSystemMetrics] [13f85eef0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\WINMM.dll[USER32.dll!SystemParametersInfoW] [13f85f140] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\WINMM.dll[USER32.dll!RegisterClassA] [13f85ec50] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryExA] [13f85fa70] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryA] [13f85f9d0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryExW] [13f85faf0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!CreateThread] [13f85eb70] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!GetProcAddress] [13f85fd10] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryW] [13f85fa20] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\IMM32.dll[USER32.dll!SystemParametersInfoW] [13f85f140] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\IMM32.dll[USER32.dll!DrawEdge] [13f85f640] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\IMM32.dll[USER32.dll!GetSystemMetrics] [13f85eef0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\IMM32.dll[KERNEL32.dll!CreateThread] [13f85eb70] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\IMM32.dll[KERNEL32.dll!GetProcAddress] [13f85fd10] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\IMM32.dll[KERNEL32.dll!LoadLibraryW] [13f85fa20] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\IMM32.dll[GDI32.dll!DeleteObject] [13f85de30] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryExW] [13f85faf0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryExA] [13f85fa70] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13f85f9d0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [13f85fd10] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryExA] [13f85fa70] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryA] [13f85f9d0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetModuleHandleA] [13f85fbf0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryExW] [13f85faf0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [13f85fd10] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryW] [13f85fa20] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SETUPAPI.dll[GDI32.dll!DeleteObject] [13f85de30] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!GetSysColor] [13f85ddc0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!GetSystemMetrics] [13f85eef0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!SystemParametersInfoW] [13f85f140] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
IAT C:\Program Files\COMODO\COMODO Internet Security\cis.exe[6928] @ C:\Windows\system32\imagehlp.dll[KERNEL32.dll!LoadLibraryA] [13f85f9d0] C:\Program Files\COMODO\COMODO Internet Security\cis.exe

---- Threads - GMER 2.0 ----

Thread C:\Program Files\Microsoft Device Center\itype.exe [5336:6008] 0000000070831dbc
Thread C:\Program Files\Microsoft Device Center\itype.exe [5336:6012] 0000000070831dbc
Thread C:\Program Files\Microsoft Device Center\itype.exe [5336:6016] 000007feea2ad880

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43534f8e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43534f8e@2cd2e71ea6bd 0x7A 0xB5 0xF9 0x8E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 1644
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43534f8e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43534f8e@2cd2e71ea6bd 0x7A 0xB5 0xF9 0x8E ...
Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\31\Rules\1\Allowed@Num 53
Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Data@Timestamp.{BEBAFD97-F7E0-43C2-A7DF-0D1B5EE26620} 0x06 0x9C 0x0E 0x51 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\temp\aulauncher.exe 1

---- EOF - GMER 2.0 ----
This is the last part of GMER scan..
k_ramesh
Regular Member
 
Posts: 16
Joined: February 1st, 2013, 1:02 pm
Location: Singapore

Re: ZeroAccess.hp removal

Unread postby deltalima » February 4th, 2013, 8:10 am

Hi k_ramesh,

TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool. Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. Click Change parameters
  4. Under Additional Options CHECK Verify file digital signatures
  5. IMPORTANT: Ensure Detect TDLFS file system remains UNCHECKED.
  6. Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure SKIP is selected... then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected... then click Continue

    DO NOT change the default actions, other than CURE to SKIP.

  7. You may be asked to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  8. A log will be created on your root drive (usually C:) drive. The log will have a name like Name.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  9. If no reboot is required, click on Report. A log file should appear.
  10. Please post the contents of the log file in your next reply
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: ZeroAccess.hp removal

Unread postby k_ramesh » February 4th, 2013, 8:33 am

Hi deltalima,

TDS scan went through without requesting any reboot. I have closed TDS scanner without generating the report.
Below is the copy and paste from the TDS scanner log in the disk.
20:27:33.0008 9084 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:27:35.0036 9084 ============================================================
20:27:35.0036 9084 Current date / time: 2013/02/04 20:27:35.0036
20:27:35.0036 9084 SystemInfo:
20:27:35.0036 9084
20:27:35.0036 9084 OS Version: 6.1.7601 ServicePack: 1.0
20:27:35.0036 9084 Product type: Workstation
20:27:35.0036 9084 ComputerName: KRAMESH-PC
20:27:35.0036 9084 UserName: kramesh
20:27:35.0036 9084 Windows directory: C:\Windows
20:27:35.0036 9084 System windows directory: C:\Windows
20:27:35.0036 9084 Running under WOW64
20:27:35.0036 9084 Processor architecture: Intel x64
20:27:35.0036 9084 Number of processors: 8
20:27:35.0036 9084 Page size: 0x1000
20:27:35.0036 9084 Boot type: Normal boot
20:27:35.0036 9084 ============================================================
20:27:35.0395 9084 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:27:35.0410 9084 ============================================================
20:27:35.0410 9084 \Device\Harddisk0\DR0:
20:27:35.0410 9084 MBR partitions:
20:27:35.0410 9084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1F55000
20:27:35.0410 9084 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1F69000, BlocksNum 0x3B84A800
20:27:35.0426 9084 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3D7B4000, BlocksNum 0x36F52000
20:27:35.0426 9084 ============================================================
20:27:35.0473 9084 C: <-> \Device\Harddisk0\DR0\Partition2
20:27:35.0504 9084 F: <-> \Device\Harddisk0\DR0\Partition3
20:27:35.0504 9084 ============================================================
20:27:35.0504 9084 Initialize success
20:27:35.0504 9084 ============================================================
20:27:45.0488 6012 ============================================================
20:27:45.0488 6012 Scan started
20:27:45.0488 6012 Mode: Manual; SigCheck;
20:27:45.0488 6012 ============================================================
20:27:46.0081 6012 ================ Scan system memory ========================
20:27:46.0081 6012 System memory - ok
20:27:46.0081 6012 ================ Scan services =============================
20:27:46.0237 6012 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:27:46.0315 6012 1394ohci - ok
20:27:46.0330 6012 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:27:46.0361 6012 ACPI - ok
20:27:46.0377 6012 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:27:46.0393 6012 AcpiPmi - ok
20:27:46.0471 6012 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:27:46.0486 6012 AdobeARMservice - ok
20:27:46.0564 6012 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:27:46.0580 6012 AdobeFlashPlayerUpdateSvc - ok
20:27:46.0611 6012 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:27:46.0627 6012 adp94xx - ok
20:27:46.0673 6012 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:27:46.0689 6012 adpahci - ok
20:27:46.0705 6012 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:27:46.0720 6012 adpu320 - ok
20:27:46.0736 6012 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:27:46.0767 6012 AeLookupSvc - ok
20:27:46.0829 6012 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:27:46.0861 6012 AFD - ok
20:27:46.0892 6012 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:27:46.0907 6012 agp440 - ok
20:27:46.0954 6012 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:27:46.0985 6012 ALG - ok
20:27:47.0001 6012 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:27:47.0017 6012 aliide - ok
20:27:47.0126 6012 ALSysIO - ok
20:27:47.0157 6012 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:27:47.0188 6012 amdide - ok
20:27:47.0219 6012 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:27:47.0235 6012 AmdK8 - ok
20:27:47.0235 6012 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
20:27:47.0251 6012 AmdPPM - ok
20:27:47.0282 6012 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:27:47.0282 6012 amdsata - ok
20:27:47.0313 6012 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
20:27:47.0344 6012 amdsbs - ok
20:27:47.0375 6012 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:27:47.0391 6012 amdxata - ok
20:27:47.0438 6012 [ 157B1C973637919DCD0D0464167C86BA ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
20:27:47.0469 6012 AMPPAL - ok
20:27:47.0531 6012 [ DC855A333010ECF306D89A344492A589 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
20:27:47.0563 6012 ApfiltrService - ok
20:27:47.0609 6012 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:27:47.0656 6012 AppID - ok
20:27:47.0687 6012 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:27:47.0719 6012 AppIDSvc - ok
20:27:47.0719 6012 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:27:47.0750 6012 Appinfo - ok
20:27:47.0812 6012 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:27:47.0843 6012 Apple Mobile Device - ok
20:27:47.0906 6012 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
20:27:47.0937 6012 arc - ok
20:27:47.0999 6012 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:27:48.0015 6012 arcsas - ok
20:27:48.0077 6012 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:27:48.0109 6012 aspnet_state - ok
20:27:48.0140 6012 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:27:48.0171 6012 AsyncMac - ok
20:27:48.0218 6012 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:27:48.0249 6012 atapi - ok
20:27:48.0296 6012 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:27:48.0327 6012 AudioEndpointBuilder - ok
20:27:48.0343 6012 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:27:48.0374 6012 AudioSrv - ok
20:27:48.0421 6012 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:27:48.0436 6012 AxInstSV - ok
20:27:48.0483 6012 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
20:27:48.0499 6012 b06bdrv - ok
20:27:48.0530 6012 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:27:48.0545 6012 b57nd60a - ok
20:27:48.0577 6012 [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
20:27:48.0608 6012 BBSvc - ok
20:27:48.0639 6012 [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
20:27:48.0670 6012 BBUpdate - ok
20:27:48.0686 6012 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:27:48.0701 6012 BDESVC - ok
20:27:48.0733 6012 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:27:48.0764 6012 Beep - ok
20:27:48.0811 6012 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:27:48.0842 6012 BFE - ok
20:27:48.0889 6012 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
20:27:49.0029 6012 BITS - ok
20:27:49.0060 6012 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:27:49.0107 6012 blbdrive - ok
20:27:49.0201 6012 [ 883D931697B804EBA802BE0061E7A902 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
20:27:49.0247 6012 Bluetooth Device Monitor - ok
20:27:49.0325 6012 [ C7A590C6B249B3CB4724F9863ED6D18A ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
20:27:49.0357 6012 Bluetooth Media Service - ok
20:27:49.0403 6012 [ CC1C3137DE8A2C858E450D286A87C6BC ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
20:27:49.0419 6012 Bluetooth OBEX Service - ok
20:27:49.0481 6012 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:27:49.0544 6012 Bonjour Service - ok
20:27:49.0575 6012 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:27:49.0637 6012 bowser - ok
20:27:49.0653 6012 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
20:27:49.0700 6012 BrFiltLo - ok
20:27:49.0700 6012 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
20:27:49.0715 6012 BrFiltUp - ok
20:27:49.0747 6012 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:27:49.0793 6012 BridgeMP - ok
20:27:49.0825 6012 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:27:49.0887 6012 Browser - ok
20:27:49.0903 6012 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:27:49.0965 6012 Brserid - ok
20:27:49.0981 6012 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:27:50.0027 6012 BrSerWdm - ok
20:27:50.0043 6012 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:27:50.0074 6012 BrUsbMdm - ok
20:27:50.0074 6012 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:27:50.0121 6012 BrUsbSer - ok
20:27:50.0152 6012 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
20:27:50.0230 6012 BthEnum - ok
20:27:50.0246 6012 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:27:50.0308 6012 BTHMODEM - ok
20:27:50.0324 6012 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:27:50.0371 6012 BthPan - ok
20:27:50.0402 6012 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
20:27:50.0480 6012 BTHPORT - ok
20:27:50.0495 6012 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:27:50.0573 6012 bthserv - ok
20:27:50.0589 6012 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
20:27:50.0620 6012 BTHUSB - ok
20:27:50.0620 6012 btmaudio - ok
20:27:50.0667 6012 [ 49E91B6E57D0BD0CC590471C276757BC ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
20:27:50.0683 6012 btmaux - ok
20:27:50.0729 6012 [ AC249CEB05F96B927FABDF22B6ABEE40 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
20:27:50.0776 6012 btmhsf - ok
20:27:50.0823 6012 catchme - ok
20:27:50.0823 6012 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:27:50.0901 6012 cdfs - ok
20:27:50.0932 6012 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:27:50.0979 6012 cdrom - ok
20:27:51.0010 6012 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:27:51.0073 6012 CertPropSvc - ok
20:27:51.0104 6012 [ A73276435F75025DA6E67B2470E1FE16 ] cfwids C:\Windows\system32\drivers\cfwids.sys
20:27:51.0119 6012 cfwids - ok
20:27:51.0151 6012 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
20:27:51.0197 6012 circlass - ok
20:27:51.0244 6012 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:27:51.0275 6012 CLFS - ok
20:27:51.0338 6012 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:27:51.0369 6012 clr_optimization_v2.0.50727_32 - ok
20:27:51.0400 6012 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:27:51.0431 6012 clr_optimization_v2.0.50727_64 - ok
20:27:51.0494 6012 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:27:51.0525 6012 clr_optimization_v4.0.30319_32 - ok
20:27:51.0541 6012 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:27:51.0556 6012 clr_optimization_v4.0.30319_64 - ok
20:27:51.0572 6012 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:27:51.0603 6012 CmBatt - ok
20:27:51.0743 6012 [ 5739E651DAD5BA8216AD3BB0450C2E3A ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
20:27:51.0806 6012 cmdAgent - ok
20:27:51.0837 6012 [ 57F363A3F1C4EC88B3A8739928BE48FE ] cmderd C:\Windows\system32\DRIVERS\cmderd.sys
20:27:51.0868 6012 cmderd - ok
20:27:51.0899 6012 [ A4A328ECC7892BED9EC957748FA551B8 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
20:27:51.0915 6012 cmdGuard - ok
20:27:51.0962 6012 [ F83599D056E111F4DD2EB236D0774419 ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
20:27:52.0024 6012 cmdHlp - ok
20:27:52.0040 6012 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:27:52.0055 6012 cmdide - ok
20:27:52.0071 6012 [ ABE06E030311E1E4AA8E3BBA7B3B5FBC ] cmdvirth C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
20:27:52.0087 6012 cmdvirth - ok
20:27:52.0118 6012 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
20:27:52.0149 6012 CNG - ok
20:27:52.0211 6012 [ D154861655575786335549F3208B133F ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
20:27:52.0274 6012 CnxtHdAudService - ok
20:27:52.0321 6012 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:27:52.0321 6012 Compbatt - ok
20:27:52.0352 6012 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:27:52.0399 6012 CompositeBus - ok
20:27:52.0414 6012 COMSysApp - ok
20:27:52.0508 6012 [ 4B90D323FC38FE13230C2A1EE18896E1 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
20:27:52.0601 6012 cphs - ok
20:27:52.0633 6012 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:27:52.0664 6012 crcdisk - ok
20:27:52.0711 6012 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:27:52.0789 6012 CryptSvc - ok
20:27:52.0851 6012 [ DF214BFF646880D0EB31BDC86136B29B ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
20:27:52.0898 6012 CtClsFlt - ok
20:27:52.0945 6012 [ 9A59DF2CA690019FEA3B265D5A7EB619 ] CxUtilSvc C:\Program Files\Conexant\SA3\CxUtilSvc.exe
20:27:52.0976 6012 CxUtilSvc - ok
20:27:53.0007 6012 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
20:27:53.0038 6012 dc3d - ok
20:27:53.0069 6012 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:27:53.0116 6012 DcomLaunch - ok
20:27:53.0132 6012 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:27:53.0179 6012 defragsvc - ok
20:27:53.0225 6012 [ A97BD43C2628D7274C88A3B4CE785EFB ] DellDigitalDelivery c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
20:27:53.0319 6012 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - warning
20:27:53.0319 6012 DellDigitalDelivery - detected UnsignedFile.Multi.Generic (1)
20:27:53.0335 6012 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:27:53.0413 6012 DfsC - ok
20:27:53.0444 6012 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:27:53.0522 6012 Dhcp - ok
20:27:53.0553 6012 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:27:53.0600 6012 discache - ok
20:27:53.0615 6012 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
20:27:53.0631 6012 Disk - ok
20:27:53.0662 6012 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:27:53.0709 6012 Dnscache - ok
20:27:53.0709 6012 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:27:53.0787 6012 dot3svc - ok
20:27:53.0803 6012 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:27:53.0849 6012 DPS - ok
20:27:53.0881 6012 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:27:53.0927 6012 drmkaud - ok
20:27:53.0974 6012 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:27:54.0005 6012 DXGKrnl - ok
20:27:54.0052 6012 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:27:54.0099 6012 EapHost - ok
20:27:54.0177 6012 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
20:27:54.0286 6012 ebdrv - ok
20:27:54.0302 6012 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:27:54.0395 6012 EFS - ok
20:27:54.0473 6012 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:27:54.0551 6012 ehRecvr - ok
20:27:54.0567 6012 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:27:54.0614 6012 ehSched - ok
20:27:54.0661 6012 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:27:54.0707 6012 elxstor - ok
20:27:54.0739 6012 [ 7DB097F4F6786307168C0DDDEC43A565 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
20:27:54.0801 6012 EPSON_EB_RPCV4_04 - ok
20:27:54.0817 6012 [ 258AA65A0862E19B7DE6981FDA3758AD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
20:27:54.0848 6012 EPSON_PM_RPCV4_04 - ok
20:27:54.0863 6012 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:27:54.0879 6012 ErrDev - ok
20:27:54.0910 6012 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:27:54.0941 6012 EventSystem - ok
20:27:54.0973 6012 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:27:55.0035 6012 exfat - ok
20:27:55.0066 6012 [ 2C1D443E14F376E8331F52F135DCA9EF ] FACAP C:\Windows\system32\DRIVERS\facap.sys
20:27:55.0082 6012 FACAP - ok
20:27:55.0191 6012 [ D3A9A39880298495788CDBB4BCD1C324 ] FAService C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
20:27:55.0238 6012 FAService ( UnsignedFile.Multi.Generic ) - warning
20:27:55.0238 6012 FAService - detected UnsignedFile.Multi.Generic (1)
20:27:55.0253 6012 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:27:55.0316 6012 fastfat - ok
20:27:55.0347 6012 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:27:55.0441 6012 Fax - ok
20:27:55.0472 6012 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
20:27:55.0519 6012 fdc - ok
20:27:55.0550 6012 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:27:55.0597 6012 fdPHost - ok
20:27:55.0612 6012 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:27:55.0659 6012 FDResPub - ok
20:27:55.0690 6012 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:27:55.0690 6012 FileInfo - ok
20:27:55.0706 6012 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:27:55.0784 6012 Filetrace - ok
20:27:55.0799 6012 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
20:27:55.0815 6012 flpydisk - ok
20:27:55.0831 6012 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:27:55.0846 6012 FltMgr - ok
20:27:55.0877 6012 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:27:55.0971 6012 FontCache - ok
20:27:56.0018 6012 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:27:56.0049 6012 FontCache3.0.0.0 - ok
20:27:56.0065 6012 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:27:56.0080 6012 FsDepends - ok
20:27:56.0111 6012 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:27:56.0143 6012 Fs_Rec - ok
20:27:56.0158 6012 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:27:56.0174 6012 fvevol - ok
20:27:56.0205 6012 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:27:56.0221 6012 gagp30kx - ok
20:27:56.0267 6012 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:27:56.0330 6012 GEARAspiWDM - ok
20:27:56.0377 6012 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:27:56.0470 6012 gpsvc - ok
20:27:56.0486 6012 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:27:56.0548 6012 hcw85cir - ok
20:27:56.0579 6012 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:27:56.0626 6012 HDAudBus - ok
20:27:56.0642 6012 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
20:27:56.0689 6012 HidBatt - ok
20:27:56.0689 6012 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:27:56.0720 6012 HidBth - ok
20:27:56.0720 6012 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
20:27:56.0735 6012 HidIr - ok
20:27:56.0751 6012 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
20:27:56.0798 6012 hidserv - ok
20:27:56.0829 6012 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:27:56.0829 6012 HidUsb - ok
20:27:56.0876 6012 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys
20:27:56.0891 6012 HipShieldK - ok
20:27:56.0938 6012 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:27:57.0016 6012 hkmsvc - ok
20:27:57.0032 6012 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:27:57.0094 6012 HomeGroupListener - ok
20:27:57.0110 6012 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:27:57.0141 6012 HomeGroupProvider - ok
20:27:57.0172 6012 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:27:57.0188 6012 HpSAMD - ok
20:27:57.0219 6012 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
20:27:57.0281 6012 HTCAND64 - ok
20:27:57.0344 6012 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
20:27:57.0406 6012 htcnprot - ok
20:27:57.0422 6012 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:27:57.0484 6012 HTTP - ok
20:27:57.0515 6012 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:27:57.0547 6012 hwpolicy - ok
20:27:57.0578 6012 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:27:57.0609 6012 i8042prt - ok
20:27:57.0640 6012 [ D1753C06EE17E29352B065EACF3F10D0 ] iaStor C:\Windows\system32\drivers\iaStor.sys
20:27:57.0687 6012 iaStor - ok
20:27:57.0765 6012 [ 545462D0DBE24AF379BA869B7C185CCD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:27:57.0796 6012 IAStorDataMgrSvc - ok
20:27:57.0827 6012 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:27:57.0859 6012 iaStorV - ok
20:27:57.0890 6012 [ C430482AC892D52CED021EDDD4D368A2 ] ibtfltcoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
20:27:57.0921 6012 ibtfltcoex - ok
20:27:57.0983 6012 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:27:58.0030 6012 idsvc - ok
20:27:58.0249 6012 [ 3FB253E8059A1AAC3A8B83A31D094CC5 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:27:58.0561 6012 igfx - ok
20:27:58.0592 6012 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:27:58.0607 6012 iirsp - ok
20:27:58.0639 6012 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:27:58.0685 6012 IKEEXT - ok
20:27:58.0717 6012 [ 6B30F07E71411FF1EACCC8FE31214C92 ] inspect C:\Windows\system32\DRIVERS\inspect.sys
20:27:58.0748 6012 inspect - ok
20:27:58.0779 6012 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
20:27:58.0810 6012 intaud_WaveExtensible - ok
20:27:58.0873 6012 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
20:27:58.0919 6012 IntcDAud - ok
20:27:58.0951 6012 [ 7C76466F4E0F76CE259C6005D161E9E8 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
20:27:58.0997 6012 Intel(R) Capability Licensing Service Interface - ok
20:27:59.0029 6012 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:27:59.0060 6012 intelide - ok
20:27:59.0091 6012 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:27:59.0138 6012 intelppm - ok
20:27:59.0185 6012 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:27:59.0247 6012 IPBusEnum - ok
20:27:59.0247 6012 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:27:59.0294 6012 IpFilterDriver - ok
20:27:59.0341 6012 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:27:59.0419 6012 iphlpsvc - ok
20:27:59.0434 6012 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:27:59.0450 6012 IPMIDRV - ok
20:27:59.0481 6012 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:27:59.0543 6012 IPNAT - ok
20:27:59.0606 6012 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:27:59.0653 6012 iPod Service - ok
20:27:59.0684 6012 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:27:59.0715 6012 IRENUM - ok
20:27:59.0731 6012 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:27:59.0746 6012 isapnp - ok
20:27:59.0762 6012 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:27:59.0777 6012 iScsiPrt - ok
20:27:59.0793 6012 [ 7A4D015FF432645C55C162DADAEA143E ] iusb3hcs C:\Windows\system32\drivers\iusb3hcs.sys
20:27:59.0809 6012 iusb3hcs - ok
20:27:59.0840 6012 [ 5D6164479F6F900ACD287FDC6935532E ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
20:27:59.0855 6012 iusb3hub - ok
20:27:59.0887 6012 [ 9F5687C7EFA906E4F33586D393F7C257 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
20:27:59.0902 6012 iusb3xhc - ok
20:27:59.0965 6012 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys
20:27:59.0980 6012 iwdbus - ok
20:27:59.0996 6012 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:28:00.0011 6012 kbdclass - ok
20:28:00.0043 6012 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:28:00.0058 6012 kbdhid - ok
20:28:00.0089 6012 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:28:00.0105 6012 KeyIso - ok
20:28:00.0105 6012 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:28:00.0121 6012 KSecDD - ok
20:28:00.0152 6012 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:28:00.0261 6012 KSecPkg - ok
20:28:00.0292 6012 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:28:00.0370 6012 ksthunk - ok
20:28:00.0401 6012 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:28:00.0495 6012 KtmRm - ok
20:28:00.0526 6012 [ 875805538A76210489D65A37332085E9 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
20:28:00.0557 6012 L1C - ok
20:28:00.0589 6012 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:28:00.0651 6012 LanmanServer - ok
20:28:00.0667 6012 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:28:00.0713 6012 LanmanWorkstation - ok
20:28:00.0745 6012 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:28:00.0807 6012 lltdio - ok
20:28:00.0838 6012 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:28:00.0901 6012 lltdsvc - ok
20:28:00.0901 6012 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:28:00.0947 6012 lmhosts - ok
20:28:00.0994 6012 [ AB41542FA180CB3317F597ED7E7D5C5D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:28:01.0041 6012 LMS - ok
20:28:01.0088 6012 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:28:01.0119 6012 LSI_FC - ok
20:28:01.0150 6012 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:28:01.0150 6012 LSI_SAS - ok
20:28:01.0166 6012 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
20:28:01.0181 6012 LSI_SAS2 - ok
20:28:01.0197 6012 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:28:01.0213 6012 LSI_SCSI - ok
20:28:01.0244 6012 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:28:01.0275 6012 luafv - ok
20:28:01.0337 6012 [ 9504F1DDA1B67FB8D526FD4F8CC882F3 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe
20:28:01.0353 6012 McAWFwk - ok
20:28:01.0431 6012 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:28:01.0447 6012 McMPFSvc - ok
20:28:01.0478 6012 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
20:28:01.0493 6012 mcmscsvc - ok
20:28:01.0509 6012 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
20:28:01.0525 6012 McNaiAnn - ok
20:28:01.0540 6012 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
20:28:01.0540 6012 McNASvc - ok
20:28:01.0603 6012 [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe
20:28:01.0618 6012 McODS - ok
20:28:01.0634 6012 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
20:28:01.0649 6012 McOobeSv - ok
20:28:01.0649 6012 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
20:28:01.0665 6012 McProxy - ok
20:28:01.0743 6012 [ 23EA22ACADD66D7F1E18A4AA72BE6158 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
20:28:01.0759 6012 McShield - ok
20:28:01.0790 6012 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:28:01.0821 6012 Mcx2Svc - ok
20:28:01.0852 6012 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
20:28:01.0868 6012 megasas - ok
20:28:01.0899 6012 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
20:28:01.0930 6012 MegaSR - ok
20:28:01.0977 6012 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
20:28:01.0993 6012 MEIx64 - ok
20:28:02.0039 6012 [ 19323081FA4018C9C1AEBF08114BEA11 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
20:28:02.0071 6012 mfeapfk - ok
20:28:02.0086 6012 [ EF1D39A70CAD1B7BEDC220480F26815C ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
20:28:02.0102 6012 mfeavfk - ok
20:28:02.0117 6012 mfeavfk01 - ok
20:28:02.0164 6012 [ 3CBBB569730EFD069B4BD253DDD4AD58 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
20:28:02.0180 6012 mfefire - ok
20:28:02.0227 6012 [ 67972BFC8F23054BD23E1DE1450E40BD ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
20:28:02.0258 6012 mfefirek - ok
20:28:02.0289 6012 [ 5C0EE849C03C37071FABDAA6B58D3D94 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
20:28:02.0320 6012 mfehidk - ok
20:28:02.0351 6012 [ 450B77CAC7384A9C1BAF476AC302CD4C ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
20:28:02.0383 6012 mferkdet - ok
20:28:02.0398 6012 [ 74CE2EBE64AB78904E33DD4C5F21611F ] mfevtp C:\Windows\system32\mfevtps.exe
20:28:02.0476 6012 mfevtp - ok
20:28:02.0476 6012 [ F55F9742BFA88D02F96516B80AB400EC ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
20:28:02.0492 6012 mfewfpk - ok
20:28:02.0507 6012 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:28:02.0570 6012 MMCSS - ok
20:28:02.0585 6012 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:28:02.0648 6012 Modem - ok
20:28:02.0679 6012 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:28:02.0726 6012 monitor - ok
20:28:02.0741 6012 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:28:02.0773 6012 mouclass - ok
20:28:02.0788 6012 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:28:02.0819 6012 mouhid - ok
20:28:02.0851 6012 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:28:02.0851 6012 mountmgr - ok
20:28:02.0929 6012 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:28:02.0960 6012 MozillaMaintenance - ok
20:28:02.0975 6012 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:28:03.0022 6012 mpio - ok
20:28:03.0038 6012 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:28:03.0069 6012 mpsdrv - ok
20:28:03.0131 6012 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:28:03.0209 6012 MpsSvc - ok
20:28:03.0225 6012 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:28:03.0256 6012 MRxDAV - ok
20:28:03.0272 6012 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:28:03.0303 6012 mrxsmb - ok
20:28:03.0319 6012 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:28:03.0334 6012 mrxsmb10 - ok
20:28:03.0350 6012 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:28:03.0365 6012 mrxsmb20 - ok
20:28:03.0397 6012 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:28:03.0412 6012 msahci - ok
20:28:03.0443 6012 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:28:03.0459 6012 msdsm - ok
20:28:03.0475 6012 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:28:03.0506 6012 MSDTC - ok
20:28:03.0521 6012 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:28:03.0553 6012 Msfs - ok
20:28:03.0568 6012 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:28:03.0615 6012 mshidkmdf - ok
20:28:03.0631 6012 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:28:03.0646 6012 msisadrv - ok
20:28:03.0693 6012 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:28:03.0740 6012 MSiSCSI - ok
20:28:03.0755 6012 msiserver - ok
20:28:03.0771 6012 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:28:03.0802 6012 MSK80Service - ok
20:28:03.0833 6012 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:28:03.0880 6012 MSKSSRV - ok
20:28:03.0896 6012 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:28:03.0943 6012 MSPCLOCK - ok
20:28:03.0943 6012 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:28:03.0989 6012 MSPQM - ok
20:28:04.0005 6012 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:28:04.0021 6012 MsRPC - ok
20:28:04.0036 6012 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:28:04.0052 6012 mssmbios - ok
20:28:04.0052 6012 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:28:04.0130 6012 MSTEE - ok
20:28:04.0145 6012 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
20:28:04.0161 6012 MTConfig - ok
20:28:04.0177 6012 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:28:04.0177 6012 Mup - ok
20:28:04.0208 6012 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:28:04.0239 6012 napagent - ok
20:28:04.0270 6012 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:28:04.0333 6012 NativeWifiP - ok
20:28:04.0426 6012 [ 6D8FCDD5BB3B676EF58FA234073492C6 ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
20:28:04.0457 6012 NBService - ok
20:28:04.0504 6012 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:28:04.0520 6012 NDIS - ok
20:28:04.0567 6012 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:28:04.0629 6012 NdisCap - ok
20:28:04.0660 6012 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:28:04.0676 6012 NdisTapi - ok
20:28:04.0707 6012 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:28:04.0738 6012 Ndisuio - ok
20:28:04.0769 6012 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:28:04.0816 6012 NdisWan - ok
20:28:04.0832 6012 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:28:04.0879 6012 NDProxy - ok
20:28:04.0910 6012 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:28:04.0988 6012 NetBIOS - ok
20:28:05.0003 6012 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:28:05.0050 6012 NetBT - ok
20:28:05.0081 6012 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:28:05.0097 6012 Netlogon - ok
20:28:05.0128 6012 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:28:05.0159 6012 Netman - ok
20:28:05.0206 6012 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:28:05.0237 6012 NetMsmqActivator - ok
20:28:05.0237 6012 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:28:05.0253 6012 NetPipeActivator - ok
20:28:05.0253 6012 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:28:05.0347 6012 netprofm - ok
20:28:05.0347 6012 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:28:05.0362 6012 NetTcpActivator - ok
20:28:05.0362 6012 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:28:05.0378 6012 NetTcpPortSharing - ok
20:28:05.0549 6012 [ 98CF53F7B23F77D082805D5DBBD99A4E ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys
20:28:05.0783 6012 NETwNs64 - ok
20:28:05.0815 6012 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:28:05.0846 6012 nfrd960 - ok
20:28:05.0877 6012 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:28:05.0893 6012 NlaSvc - ok
20:28:05.0971 6012 [ E584D6668E6A3923FF32E026A5ED2A03 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
20:28:06.0002 6012 NMIndexingService - ok
20:28:06.0111 6012 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
20:28:06.0158 6012 NOBU - ok
20:28:06.0173 6012 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys
20:28:06.0251 6012 NPF - ok
20:28:06.0267 6012 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:28:06.0298 6012 Npfs - ok
20:28:06.0329 6012 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:28:06.0376 6012 nsi - ok
20:28:06.0392 6012 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:28:06.0423 6012 nsiproxy - ok
20:28:06.0485 6012 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:28:06.0532 6012 Ntfs - ok
20:28:06.0532 6012 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:28:06.0579 6012 Null - ok
20:28:06.0782 6012 [ 26AA3C7E6E1DB7107BF93503F6F57E88 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:28:07.0000 6012 nvlddmkm - ok
20:28:07.0016 6012 [ 6D785C898F9D70905A90655F4D0D0AFB ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
20:28:07.0031 6012 nvpciflt - ok
20:28:07.0063 6012 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:28:07.0109 6012 nvraid - ok
20:28:07.0141 6012 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:28:07.0156 6012 nvstor - ok
20:28:07.0172 6012 [ 1A36DF2393F627D6C1107B554EBA55E8 ] NvStUSB C:\Windows\system32\drivers\nvstusb.sys
20:28:07.0187 6012 NvStUSB - ok
20:28:07.0234 6012 [ A83AC04D672567CAF8BE7A4D73C0B850 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:28:07.0265 6012 nvsvc - ok
20:28:07.0328 6012 [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:28:07.0359 6012 nvUpdatusService - ok
20:28:07.0390 6012 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:28:07.0406 6012 nv_agp - ok
20:28:07.0437 6012 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:28:07.0468 6012 ohci1394 - ok
20:28:07.0531 6012 [ B9C125314A025127FE562C116D614AA3 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:28:07.0609 6012 ose64 - ok
20:28:07.0733 6012 [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:28:07.0796 6012 osppsvc - ok
20:28:07.0827 6012 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:28:07.0874 6012 p2pimsvc - ok
20:28:07.0905 6012 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:28:07.0936 6012 p2psvc - ok
20:28:07.0967 6012 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
20:28:07.0983 6012 Parport - ok
20:28:08.0014 6012 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:28:08.0045 6012 partmgr - ok
20:28:08.0077 6012 [ AFADA8B97BE3C9398DC6C770409C3544 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
20:28:08.0092 6012 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
20:28:08.0092 6012 PassThru Service - detected UnsignedFile.Multi.Generic (1)
20:28:08.0123 6012 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:28:08.0170 6012 PcaSvc - ok
20:28:08.0186 6012 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:28:08.0201 6012 pci - ok
20:28:08.0233 6012 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:28:08.0248 6012 pciide - ok
20:28:08.0279 6012 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:28:08.0311 6012 pcmcia - ok
20:28:08.0326 6012 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:28:08.0342 6012 pcw - ok
20:28:08.0357 6012 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:28:08.0404 6012 PEAUTH - ok
20:28:08.0482 6012 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:28:08.0529 6012 PerfHost - ok
20:28:08.0560 6012 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:28:08.0669 6012 pla - ok
20:28:08.0701 6012 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:28:08.0810 6012 PlugPlay - ok
20:28:08.0825 6012 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:28:08.0872 6012 PNRPAutoReg - ok
20:28:08.0888 6012 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:28:08.0903 6012 PNRPsvc - ok
20:28:08.0935 6012 [ 6F5DDC52A9103CC8E1ED5892C1D15613 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
20:28:08.0997 6012 Point64 - ok
20:28:09.0013 6012 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:28:09.0059 6012 PolicyAgent - ok
20:28:09.0091 6012 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
20:28:09.0153 6012 Power - ok
20:28:09.0169 6012 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:28:09.0215 6012 PptpMiniport - ok
20:28:09.0231 6012 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
20:28:09.0262 6012 Processor - ok
20:28:09.0278 6012 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:28:09.0356 6012 ProfSvc - ok
20:28:09.0371 6012 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:28:09.0403 6012 ProtectedStorage - ok
20:28:09.0418 6012 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:28:09.0465 6012 Psched - ok
20:28:09.0512 6012 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:28:09.0590 6012 ql2300 - ok
20:28:09.0590 6012 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:28:09.0605 6012 ql40xx - ok
20:28:09.0637 6012 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:28:09.0652 6012 QWAVE - ok
20:28:09.0668 6012 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:28:09.0730 6012 QWAVEdrv - ok
20:28:09.0730 6012 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:28:09.0761 6012 RasAcd - ok
20:28:09.0793 6012 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:28:09.0855 6012 RasAgileVpn - ok
20:28:09.0871 6012 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:28:09.0917 6012 RasAuto - ok
20:28:09.0933 6012 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:28:09.0980 6012 Rasl2tp - ok
20:28:09.0995 6012 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:28:10.0120 6012 RasMan - ok
20:28:10.0120 6012 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:28:10.0183 6012 RasPppoe - ok
20:28:10.0198 6012 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:28:10.0245 6012 RasSstp - ok
20:28:10.0261 6012 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:28:10.0307 6012 rdbss - ok
20:28:10.0323 6012 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
20:28:10.0339 6012 rdpbus - ok
20:28:10.0354 6012 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:28:10.0401 6012 RDPCDD - ok
20:28:10.0432 6012 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:28:10.0479 6012 RDPENCDD - ok
20:28:10.0526 6012 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:28:10.0573 6012 RDPREFMP - ok
20:28:10.0635 6012 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:28:10.0682 6012 RdpVideoMiniport - ok
20:28:10.0713 6012 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:28:10.0807 6012 RDPWD - ok
20:28:10.0822 6012 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:28:10.0838 6012 rdyboost - ok
20:28:10.0916 6012 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
20:28:10.0931 6012 RealNetworks Downloader Resolver Service - ok
20:28:10.0978 6012 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:28:11.0041 6012 RemoteAccess - ok
20:28:11.0056 6012 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:28:11.0087 6012 RemoteRegistry - ok
20:28:11.0119 6012 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:28:11.0134 6012 RFCOMM - ok
20:28:11.0197 6012 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
20:28:11.0259 6012 rpcapd - ok
20:28:11.0306 6012 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:28:11.0337 6012 RpcEptMapper - ok
20:28:11.0368 6012 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:28:11.0415 6012 RpcLocator - ok
20:28:11.0431 6012 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:28:11.0462 6012 RpcSs - ok
20:28:11.0493 6012 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:28:11.0540 6012 rspndr - ok
20:28:11.0571 6012 [ 36FCA0C67BCDC0DA047F5F36743B5CB9 ] RSUSBVSTOR C:\Windows\system32\Drivers\RTSUVSTOR.sys
20:28:11.0587 6012 RSUSBVSTOR - ok
20:28:11.0587 6012 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:28:11.0602 6012 SamSs - ok
20:28:11.0618 6012 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:28:11.0633 6012 sbp2port - ok
20:28:11.0649 6012 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:28:11.0711 6012 SCardSvr - ok
20:28:11.0758 6012 [ 07237C66E05DA6778E9F3CB67FA00736 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
20:28:11.0789 6012 SCDEmu - ok
20:28:11.0821 6012 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:28:11.0852 6012 scfilter - ok
20:28:11.0883 6012 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:28:11.0914 6012 Schedule - ok
20:28:11.0930 6012 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:28:11.0961 6012 SCPolicySvc - ok
20:28:11.0961 6012 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:28:12.0039 6012 SDRSVC - ok
20:28:12.0086 6012 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:28:12.0133 6012 secdrv - ok
20:28:12.0164 6012 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:28:12.0195 6012 seclogon - ok
20:28:12.0211 6012 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
20:28:12.0242 6012 SENS - ok
20:28:12.0257 6012 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:28:12.0320 6012 SensrSvc - ok
20:28:12.0351 6012 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
20:28:12.0398 6012 Serenum - ok
20:28:12.0413 6012 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
20:28:12.0445 6012 Serial - ok
20:28:12.0445 6012 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:28:12.0476 6012 sermouse - ok
20:28:12.0491 6012 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:28:12.0554 6012 SessionEnv - ok
20:28:12.0585 6012 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:28:12.0601 6012 sffdisk - ok
20:28:12.0601 6012 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:28:12.0632 6012 sffp_mmc - ok
20:28:12.0632 6012 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:28:12.0647 6012 sffp_sd - ok
20:28:12.0663 6012 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:28:12.0694 6012 sfloppy - ok
20:28:12.0757 6012 [ 4215C271D6E6898C3F4DABAB4F387DC9 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
20:28:12.0803 6012 SftService - ok
20:28:12.0866 6012 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:28:12.0928 6012 SharedAccess - ok
20:28:12.0944 6012 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:28:12.0991 6012 ShellHWDetection - ok
20:28:13.0022 6012 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
20:28:13.0037 6012 SiSRaid2 - ok
20:28:13.0037 6012 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:28:13.0053 6012 SiSRaid4 - ok
20:28:13.0115 6012 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:28:13.0147 6012 SkypeUpdate - ok
20:28:13.0178 6012 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:28:13.0240 6012 Smb - ok
20:28:13.0287 6012 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:28:13.0318 6012 SNMPTRAP - ok
20:28:13.0334 6012 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:28:13.0349 6012 spldr - ok
20:28:13.0365 6012 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:28:13.0412 6012 Spooler - ok
20:28:13.0505 6012 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:28:13.0615 6012 sppsvc - ok
20:28:13.0630 6012 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:28:13.0661 6012 sppuinotify - ok
20:28:13.0708 6012 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:28:13.0755 6012 srv - ok
20:28:13.0786 6012 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:28:13.0817 6012 srv2 - ok
20:28:13.0833 6012 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:28:13.0864 6012 srvnet - ok
20:28:13.0895 6012 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:28:13.0958 6012 SSDPSRV - ok
20:28:13.0973 6012 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:28:14.0005 6012 SstpSvc - ok
20:28:14.0036 6012 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
20:28:14.0067 6012 stexstor - ok
20:28:14.0098 6012 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:28:14.0129 6012 stisvc - ok
20:28:14.0145 6012 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:28:14.0161 6012 swenum - ok
20:28:14.0176 6012 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:28:14.0207 6012 swprv - ok
20:28:14.0254 6012 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:28:14.0332 6012 SysMain - ok
20:28:14.0348 6012 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:28:14.0410 6012 TabletInputService - ok
20:28:14.0426 6012 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:28:14.0473 6012 TapiSrv - ok
20:28:14.0488 6012 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:28:14.0535 6012 TBS - ok
20:28:14.0597 6012 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:28:14.0675 6012 Tcpip - ok
20:28:14.0722 6012 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:28:14.0753 6012 TCPIP6 - ok
20:28:14.0769 6012 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:28:14.0831 6012 tcpipreg - ok
20:28:14.0894 6012 TDKLIB - ok
20:28:14.0941 6012 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:28:14.0987 6012 TDPIPE - ok
20:28:15.0034 6012 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:28:15.0081 6012 TDTCP - ok
20:28:15.0097 6012 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:28:15.0128 6012 tdx - ok
20:28:15.0175 6012 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:28:15.0190 6012 TermDD - ok
20:28:15.0237 6012 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:28:15.0284 6012 TermService - ok
20:28:15.0299 6012 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:28:15.0331 6012 Themes - ok
20:28:15.0362 6012 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:28:15.0409 6012 THREADORDER - ok
20:28:15.0424 6012 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:28:15.0455 6012 TrkWks - ok
20:28:15.0502 6012 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:28:15.0580 6012 TrustedInstaller - ok
20:28:15.0611 6012 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:28:15.0643 6012 tssecsrv - ok
20:28:15.0674 6012 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:28:15.0689 6012 TsUsbFlt - ok
20:28:15.0705 6012 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
20:28:15.0767 6012 TsUsbGD - ok
20:28:15.0830 6012 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:28:15.0877 6012 tunnel - ok
20:28:15.0908 6012 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
20:28:15.0939 6012 TurboB - ok
20:28:15.0970 6012 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
20:28:15.0986 6012 TurboBoost - ok
20:28:15.0986 6012 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:28:16.0001 6012 uagp35 - ok
20:28:16.0017 6012 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:28:16.0048 6012 udfs - ok
20:28:16.0079 6012 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:28:16.0111 6012 UI0Detect - ok
20:28:16.0142 6012 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:28:16.0157 6012 uliagpkx - ok
20:28:16.0173 6012 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:28:16.0251 6012 umbus - ok
20:28:16.0267 6012 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
20:28:16.0282 6012 UmPass - ok
20:28:16.0329 6012 [ 182BBA1B43898D5DA0938D2E9A526B31 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:28:16.0360 6012 UNS - ok
20:28:16.0391 6012 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:28:16.0423 6012 upnphost - ok
20:28:16.0454 6012 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:28:16.0501 6012 USBAAPL64 - ok
20:28:16.0532 6012 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:28:16.0594 6012 usbccgp - ok
20:28:16.0625 6012 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:28:16.0672 6012 usbcir - ok
20:28:16.0703 6012 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:28:16.0781 6012 usbehci - ok
20:28:16.0828 6012 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:28:16.0859 6012 usbhub - ok
20:28:16.0875 6012 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:28:16.0891 6012 usbohci - ok
20:28:16.0906 6012 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:28:16.0953 6012 usbprint - ok
20:28:16.0969 6012 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:28:17.0000 6012 usbscan - ok
20:28:17.0000 6012 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:28:17.0062 6012 USBSTOR - ok
20:28:17.0078 6012 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:28:17.0125 6012 usbuhci - ok
20:28:17.0171 6012 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:28:17.0249 6012 usbvideo - ok
20:28:17.0265 6012 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:28:17.0296 6012 UxSms - ok
20:28:17.0312 6012 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:28:17.0327 6012 VaultSvc - ok
20:28:17.0343 6012 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:28:17.0359 6012 vdrvroot - ok
20:28:17.0374 6012 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:28:17.0405 6012 vds - ok
20:28:17.0421 6012 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:28:17.0437 6012 vga - ok
20:28:17.0452 6012 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:28:17.0499 6012 VgaSave - ok
20:28:17.0515 6012 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:28:17.0530 6012 vhdmp - ok
20:28:17.0577 6012 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:28:17.0577 6012 viaide - ok
20:28:17.0593 6012 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:28:17.0608 6012 volmgr - ok
20:28:17.0624 6012 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:28:17.0639 6012 volmgrx - ok
20:28:17.0655 6012 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:28:17.0655 6012 volsnap - ok
20:28:17.0686 6012 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:28:17.0702 6012 vsmraid - ok
20:28:17.0764 6012 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:28:17.0858 6012 VSS - ok
20:28:17.0873 6012 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:28:17.0905 6012 vwifibus - ok
20:28:17.0920 6012 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:28:17.0967 6012 vwififlt - ok
20:28:17.0983 6012 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
20:28:17.0998 6012 vwifimp - ok
20:28:18.0029 6012 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:28:18.0107 6012 W32Time - ok
20:28:18.0139 6012 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:28:18.0170 6012 WacomPen - ok
20:28:18.0185 6012 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:28:18.0232 6012 WANARP - ok
20:28:18.0248 6012 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:28:18.0263 6012 Wanarpv6 - ok
20:28:18.0310 6012 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:28:18.0373 6012 WatAdminSvc - ok
20:28:18.0419 6012 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:28:18.0497 6012 wbengine - ok
20:28:18.0529 6012 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:28:18.0560 6012 WbioSrvc - ok
20:28:18.0575 6012 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:28:18.0607 6012 wcncsvc - ok
20:28:18.0622 6012 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:28:18.0653 6012 WcsPlugInService - ok
20:28:18.0685 6012 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
20:28:18.0716 6012 Wd - ok
20:28:18.0747 6012 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
20:28:18.0794 6012 WDC_SAM - ok
20:28:18.0841 6012 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:28:18.0887 6012 Wdf01000 - ok
20:28:18.0919 6012 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:28:18.0981 6012 WdiServiceHost - ok
20:28:18.0997 6012 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:28:19.0012 6012 WdiSystemHost - ok
20:28:19.0028 6012 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:28:19.0075 6012 WebClient - ok
20:28:19.0090 6012 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:28:19.0137 6012 Wecsvc - ok
20:28:19.0153 6012 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:28:19.0184 6012 wercplsupport - ok
20:28:19.0199 6012 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:28:19.0231 6012 WerSvc - ok
20:28:19.0262 6012 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:28:19.0309 6012 WfpLwf - ok
20:28:19.0355 6012 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
20:28:19.0433 6012 WimFltr - ok
20:28:19.0465 6012 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:28:19.0480 6012 WIMMount - ok
20:28:19.0496 6012 WinDefend - ok
20:28:19.0511 6012 WinHttpAutoProxySvc - ok
20:28:19.0574 6012 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:28:19.0636 6012 Winmgmt - ok
20:28:19.0683 6012 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:28:19.0823 6012 WinRM - ok
20:28:19.0886 6012 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:28:19.0933 6012 WinUsb - ok
20:28:19.0995 6012 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:28:20.0042 6012 Wlansvc - ok
20:28:20.0089 6012 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:28:20.0120 6012 wlcrasvc - ok
20:28:20.0213 6012 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:28:20.0260 6012 wlidsvc - ok
20:28:20.0276 6012 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:28:20.0323 6012 WmiAcpi - ok
20:28:20.0369 6012 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:28:20.0416 6012 wmiApSrv - ok
20:28:20.0463 6012 WMPNetworkSvc - ok
20:28:20.0494 6012 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:28:20.0541 6012 WPCSvc - ok
20:28:20.0588 6012 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:28:20.0619 6012 WPDBusEnum - ok
20:28:20.0650 6012 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:28:20.0681 6012 ws2ifsl - ok
20:28:20.0697 6012 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
20:28:20.0759 6012 wscsvc - ok
20:28:20.0775 6012 WSearch - ok
20:28:20.0822 6012 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:28:20.0884 6012 wuauserv - ok
20:28:20.0931 6012 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:28:21.0025 6012 WudfPf - ok
20:28:21.0071 6012 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:28:21.0103 6012 WUDFRd - ok
20:28:21.0118 6012 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:28:21.0149 6012 wudfsvc - ok
20:28:21.0181 6012 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:28:21.0227 6012 WwanSvc - ok
20:28:21.0305 6012 ================ Scan global ===============================
20:28:21.0321 6012 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:28:21.0352 6012 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
20:28:21.0368 6012 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
20:28:21.0383 6012 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:28:21.0415 6012 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:28:21.0430 6012 [Global] - ok
20:28:21.0430 6012 ================ Scan MBR ==================================
20:28:21.0446 6012 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:28:21.0649 6012 \Device\Harddisk0\DR0 - ok
20:28:21.0649 6012 ================ Scan VBR ==================================
20:28:21.0649 6012 [ A8C7C11C0D8ACE865F91317C0469D693 ] \Device\Harddisk0\DR0\Partition1
20:28:21.0664 6012 \Device\Harddisk0\DR0\Partition1 - ok
20:28:21.0664 6012 [ D33D507BBF20D676C5498AD022410264 ] \Device\Harddisk0\DR0\Partition2
20:28:21.0664 6012 \Device\Harddisk0\DR0\Partition2 - ok
20:28:21.0695 6012 [ D6AF81B73B6723A58109398120FF228A ] \Device\Harddisk0\DR0\Partition3
20:28:21.0695 6012 \Device\Harddisk0\DR0\Partition3 - ok
20:28:21.0695 6012 ============================================================
20:28:21.0695 6012 Scan finished
20:28:21.0695 6012 ============================================================
20:28:21.0711 3928 Detected object count: 3
20:28:21.0711 3928 Actual detected object count: 3
20:28:44.0924 3928 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:44.0924 3928 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:44.0924 3928 FAService ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:44.0924 3928 FAService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:44.0924 3928 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:44.0924 3928 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:50.0087 7732 Deinitialize success
k_ramesh
Regular Member
 
Posts: 16
Joined: February 1st, 2013, 1:02 pm
Location: Singapore

Re: ZeroAccess.hp removal

Unread postby deltalima » February 4th, 2013, 8:39 am

Hi k_ramesh,

As your computer appears to be clean, please follow these steps in order to keep your computer clean and secure.

Remove GMER

Delete the GMER icon from your desktop.

Uninstall ComboFix

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK

Remove all used tools

Please download OTC and save it to desktop.
  • Double-click OTC.exe..
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Happy surfing and stay clean!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: ZeroAccess.hp removal

Unread postby k_ramesh » February 4th, 2013, 9:39 pm

Hi deltatime,

Tried to clean using OTC but the system seems to hang (program not reponding mode), I have to force shutdown the
system to use it back. Is there something i need to do to run OTC?
Thanks
kr-
k_ramesh
Regular Member
 
Posts: 16
Joined: February 1st, 2013, 1:02 pm
Location: Singapore

Re: ZeroAccess.hp removal

Unread postby deltalima » February 5th, 2013, 4:41 am

Hi k_ramesh,

Tried to clean using OTC but the system seems to hang


Try running OTC in safe mode, if that still hangs then skip the OTC step and just manually remove TDSSKiller and DDS from the desktop.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: ZeroAccess.hp removal

Unread postby k_ramesh » February 5th, 2013, 6:46 am

Hi deltalima,

Moved all virus cleaning files from desktop to a separate folder. Do not know that has caused any issue for OTC cleaner.
Deleted TDSKiller and DDS from harddisk and rerun OTS and it went well and rebooted the system after cleaning.

Let me know whether you need any log files to check.

Appreciate all the quick help and wonderful quick response.
Regards.
kr/-
k_ramesh
Regular Member
 
Posts: 16
Joined: February 1st, 2013, 1:02 pm
Location: Singapore

Re: ZeroAccess.hp removal

Unread postby deltalima » February 5th, 2013, 6:50 am

No, that's fine. You should be all set now.

Any questions?
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: ZeroAccess.hp removal

Unread postby k_ramesh » February 5th, 2013, 7:03 am

Hi Deltalima,

Appreciate all your prompt replies and help.
Thanks.
kr/-
k_ramesh
Regular Member
 
Posts: 16
Joined: February 1st, 2013, 1:02 pm
Location: Singapore

Re: ZeroAccess.hp removal

Unread postby deltalima » February 5th, 2013, 7:06 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 50 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware