Hi Scholabar.
Can you please confirm whether or not you ran the DeFogger tool as requested?
Yes; the log I posted for you was the log it displayed when it finished.
Please Note: Regarding downloadable bootkits from the Internet you need to be aware that:
Understood. I obtained it through Ubuntu Support; it is not an installation disc but rather the repair version for Win 7.
The best and safest course of action if you do not have the original recovery media for your PC would be to contact Acer Support.
I have done so in the past with no luck. And since I am no longer in warranty they are not interested in me whatsoever.
I wasn't able to download Rootkit UnHooker as the site wouldn't load so I downloaded it from SpywareInfo instead. If it is the wrong version, please let me know.
MBR Backup was successful and I have saved an external copy.
Also, a new thing has started happening lately. Whenever I boot my computer, avast doesn't run unless I open it. It has never done this before and it happens when I boot every time now. Just thought I'd let you know.
Rkill Log:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 09/05/2011 at 8:35:33.
Operating System: Windows 7 Professional
Processes terminated by Rkill or while it was running:
Rkill completed on 09/05/2011 at 8:35:58.
MBR Scan Log:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Acer
System Product Name: Veriton 7900Pro
Logical Drives Mask: 0x000000fc
Kernel Drivers (total 199):
0x83C06000 \SystemRoot\system32\ntkrnlpa.exe
0x84018000 \SystemRoot\system32\halmacpi.dll
0x80BCA000 \SystemRoot\system32\kdcom.dll
0x8420B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x84290000 \SystemRoot\system32\PSHED.dll
0x842A1000 \SystemRoot\system32\BOOTVID.dll
0x842A9000 \SystemRoot\system32\CLFS.SYS
0x842EB000 \SystemRoot\system32\CI.dll
0x8983A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x898AB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x898B9000 \SystemRoot\system32\drivers\ACPI.sys
0x89901000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8990A000 \SystemRoot\system32\drivers\msisadrv.sys
0x89912000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8991D000 \SystemRoot\system32\drivers\pci.sys
0x89947000 \SystemRoot\System32\drivers\partmgr.sys
0x89958000 \SystemRoot\system32\drivers\volmgr.sys
0x89968000 \SystemRoot\System32\drivers\volmgrx.sys
0x899B3000 \SystemRoot\system32\drivers\intelide.sys
0x899BA000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x899C8000 \SystemRoot\system32\drivers\pciide.sys
0x899CF000 \SystemRoot\System32\drivers\mountmgr.sys
0x89800000 \SystemRoot\system32\drivers\vmbus.sys
0x899E5000 \SystemRoot\system32\drivers\winhv.sys
0x899F7000 \SystemRoot\system32\drivers\atapi.sys
0x84396000 \SystemRoot\system32\drivers\ataport.SYS
0x8982A000 \SystemRoot\system32\drivers\amdxata.sys
0x843B9000 \SystemRoot\system32\drivers\fltmgr.sys
0x843ED000 \SystemRoot\system32\drivers\fileinfo.sys
0x89A3A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x89B69000 \SystemRoot\System32\Drivers\msrpc.sys
0x89B94000 \SystemRoot\System32\Drivers\ksecdd.sys
0x89C17000 \SystemRoot\System32\Drivers\cng.sys
0x89C74000 \SystemRoot\System32\drivers\pcw.sys
0x89C82000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x89C8B000 \SystemRoot\system32\drivers\ndis.sys
0x89D42000 \SystemRoot\system32\drivers\NETIO.SYS
0x89D80000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x89E35000 \SystemRoot\System32\drivers\tcpip.sys
0x89F7F000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x89FB0000 \SystemRoot\system32\drivers\vmstorfl.sys
0x89FB9000 \SystemRoot\system32\drivers\volsnap.sys
0x89FF8000 \SystemRoot\System32\Drivers\spldr.sys
0x89E00000 \SystemRoot\System32\drivers\rdyboost.sys
0x89DA5000 \SystemRoot\System32\Drivers\mup.sys
0x89E2D000 \SystemRoot\System32\drivers\hwpolicy.sys
0x89DB5000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x89DE7000 \SystemRoot\system32\DRIVERS\disk.sys
0x89BA7000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x89A00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E632000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x8E6A2000 \SystemRoot\System32\Drivers\Null.SYS
0x8E6A9000 \SystemRoot\System32\Drivers\Beep.SYS
0x8E6B0000 \SystemRoot\System32\drivers\vga.sys
0x8E6BC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E6DD000 \SystemRoot\System32\drivers\watchdog.sys
0x8E6EA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E6F2000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E6FA000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8E702000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E70D000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E71B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E732000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E73E000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8E748000 \SystemRoot\system32\drivers\afd.sys
0x8E7A2000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8E7A7000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E7D9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8E7E0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E600000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8E611000 \SystemRoot\system32\DRIVERS\netbios.sys
0x89A1F000 \SystemRoot\system32\DRIVERS\serial.sys
0x8E61F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x89BE8000 \SystemRoot\system32\drivers\termdd.sys
0x8FA1A000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x8FA28000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FA69000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FA73000 \SystemRoot\system32\drivers\mssmbios.sys
0x8FA7D000 \SystemRoot\System32\drivers\discache.sys
0x8FA89000 \SystemRoot\system32\drivers\csc.sys
0x8FAED000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FB05000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8FB13000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8FB5C000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8FB7D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x90007000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x90510000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x905C7000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8FB8F000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8FB99000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x8FBD1000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8FA00000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x90623000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9066E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9067D000 \SystemRoot\system32\drivers\HDAudBus.sys
0x907D3000 \SystemRoot\system32\DRIVERS\fdc.sys
0x907DE000 \SystemRoot\system32\DRIVERS\parport.sys
0x907F6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x90600000 \SystemRoot\system32\drivers\CompositeBus.sys
0x9060D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x9069C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x906B4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x906BF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x906E1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x906F9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90710000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90727000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x90731000 \SystemRoot\system32\drivers\kbdclass.sys
0x9073E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9074B000 \SystemRoot\system32\drivers\swenum.sys
0x9074D000 \SystemRoot\system32\drivers\ks.sys
0x90781000 \SystemRoot\system32\drivers\umbus.sys
0x9078F000 \SystemRoot\system32\drivers\usbhub.sys
0x9782C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9783D000 \SystemRoot\system32\drivers\HdAudio.sys
0x9788D000 \SystemRoot\system32\drivers\portcls.sys
0x978BC000 \SystemRoot\system32\drivers\drmk.sys
0x97C70000 \SystemRoot\System32\win32k.sys
0x978D5000 \SystemRoot\System32\drivers\Dxapi.sys
0x978DF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x978EC000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x978F7000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x97900000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x97911000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97ED0000 \SystemRoot\System32\TSDDD.dll
0x9791C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x97933000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x97F20000 \SystemRoot\System32\ATMFD.DLL
0x97935000 \SystemRoot\system32\DRIVERS\wdcsam.sys
0x97938000 \SystemRoot\system32\drivers\luafv.sys
0x97953000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x9798B000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x9798E000 \SystemRoot\system32\drivers\WudfPf.sys
0x979A8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x979B8000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x97800000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x97810000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8FA0B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x89C00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x97823000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x89BCC000 \SystemRoot\system32\drivers\usbccgp.sys
0x84200000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D427000 \SystemRoot\system32\DRIVERS\point32.sys
0x8D430000 \SystemRoot\system32\drivers\kbdhid.sys
0x8D43C000 \SystemRoot\system32\drivers\HTTP.sys
0x8D4C1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8D4DA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8D4EC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8D50F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8D54A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8D565000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xAC429000 \SystemRoot\system32\drivers\peauth.sys
0xAC4C0000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAC4CA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAC4EB000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAC4F8000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAC548000 \SystemRoot\System32\DRIVERS\srv.sys
0xAC59A000 \SystemRoot\system32\DRIVERS\udfs.sys
0xAC5DA000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x97F90000 \SystemRoot\System32\cdd.dll
0x77060000 \Windows\System32\ntdll.dll
0x48240000 \Windows\System32\smss.exe
0x772A0000 \Windows\System32\apisetschema.dll
0x002D0000 \Windows\System32\autochk.exe
0x771F0000 \Windows\System32\advapi32.dll
0x76FE0000 \Windows\System32\comdlg32.dll
0x76F30000 \Windows\System32\msvcrt.dll
0x76E20000 \Windows\System32\urlmon.dll
0x76D00000 \Windows\System32\wininet.dll
0x76C50000 \Windows\System32\rpcrt4.dll
0x76AB0000 \Windows\System32\setupapi.dll
0x771E0000 \Windows\System32\psapi.dll
0x771A0000 \Windows\System32\ws2_32.dll
0x76AA0000 \Windows\System32\lpk.dll
0x76A50000 \Windows\System32\Wldap32.dll
0x76890000 \Windows\System32\iertutil.dll
0x76880000 \Windows\System32\nsi.dll
0x767E0000 \Windows\System32\usp10.dll
0x767B0000 \Windows\System32\imagehlp.dll
0x75B60000 \Windows\System32\shell32.dll
0x75AD0000 \Windows\System32\oleaut32.dll
0x75A00000 \Windows\System32\msctf.dll
0x75930000 \Windows\System32\user32.dll
0x757D0000 \Windows\System32\ole32.dll
0x75780000 \Windows\System32\gdi32.dll
0x75720000 \Windows\System32\difxapi.dll
0x75710000 \Windows\System32\normaliz.dll
0x756B0000 \Windows\System32\shlwapi.dll
0x75690000 \Windows\System32\sechost.dll
0x755B0000 \Windows\System32\kernel32.dll
0x75520000 \Windows\System32\clbcatq.dll
0x75500000 \Windows\System32\imm32.dll
0x754B0000 \Windows\System32\KernelBase.dll
0x75480000 \Windows\System32\wintrust.dll
0x75460000 \Windows\System32\devobj.dll
0x75340000 \Windows\System32\crypt32.dll
0x752B0000 \Windows\System32\comctl32.dll
0x75280000 \Windows\System32\cfgmgr32.dll
0x75270000 \Windows\System32\msasn1.dll
Processes (total 53):
0 System Idle Process
4 System
404 C:\Windows\System32\smss.exe
504 csrss.exe
556 C:\Windows\System32\wininit.exe
564 csrss.exe
616 C:\Windows\System32\services.exe
640 C:\Windows\System32\lsass.exe
660 C:\Windows\System32\lsm.exe
788 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\audiodg.exe
1196 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\svchost.exe
1528 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1856 C:\Windows\System32\spoolsv.exe
1884 C:\Windows\System32\svchost.exe
1980 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2012 C:\Program Files\Intel\AMT\atchksrv.exe
2036 C:\Program Files\Bonjour\mDNSResponder.exe
252 C:\Windows\System32\svchost.exe
524 C:\Windows\System32\IPROSetMonitor.exe
604 C:\Program Files\Intel\AMT\LMS.exe
1084 C:\Windows\System32\svchost.exe
1496 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2080 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2444 C:\Windows\System32\svchost.exe
3428 C:\Windows\System32\SearchIndexer.exe
3612 C:\Program Files\iPod\bin\iPodService.exe
2548 C:\Program Files\Windows Media Player\wmpnetwk.exe
3496 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3308 csrss.exe
3440 C:\Windows\System32\winlogon.exe
2636 C:\Windows\System32\taskeng.exe
2244 C:\Windows\System32\taskhost.exe
3104 C:\Windows\System32\dwm.exe
3388 C:\Windows\explorer.exe
3880 C:\Program Files\iTunes\iTunesHelper.exe
4076 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3140 C:\Windows\System32\hkcmd.exe
2404 C:\Windows\System32\igfxpers.exe
2280 C:\Windows\System32\StikyNot.exe
3864 C:\Windows\System32\igfxsrvc.exe
3128 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
3920 C:\Program Files\Mozilla Firefox\firefox.exe
3120 C:\Windows\System32\SearchProtocolHost.exe
3168 C:\Windows\System32\SearchFilterHost.exe
2384 C:\Users\Liam\Desktop\MBRCheck.exe
1816 C:\Windows\System32\conhost.exe
3412 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`f3947600 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`2503b000 (FAT32)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200AAJS-22VWA0, Rev: 12.01B02
PhysicalDrive1 Model Number: WDMy Passport 070B, Rev: 1032
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
297 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
Rootkit UnHooker Log:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #4
==============================================
>Drivers
==============================================
0x90007000 C:\Windows\system32\DRIVERS\igdkmd32.sys 5279744 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x83C06000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x83C06000 PnpManager 4268032 bytes
0x83C06000 RAW 4268032 bytes
0x83C06000 WMIxWDM 4268032 bytes
0x97C70000 Win32k 2416640 bytes
0x97C70000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x89E35000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x89A3A000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x90510000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x89C8B000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x842EB000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xAC429000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8D43C000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8420B000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8983A000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8E632000 C:\Windows\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0x8FA89000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x89C17000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8E748000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAC548000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x9783D000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0xAC4F8000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x97F20000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x90623000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x89968000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8FB13000 C:\Windows\System32\Drivers\aswSP.SYS 299008 bytes (AVAST Software, avast! self protection module)
0x898B9000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x979B8000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9078F000 C:\Windows\system32\drivers\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x842A9000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8FA28000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAC59A000 C:\Windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver)
0x89FB9000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x89D42000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8D50F000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x905C7000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x97953000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x8FB99000 C:\Windows\system32\DRIVERS\e1e6032.sys 229376 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver)
0x84018000 ACPI_HAL 225280 bytes
0x84018000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x843B9000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9074D000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x89DB5000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8E7A7000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x89F7F000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9788D000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89E00000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x89B69000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8FBD1000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8991D000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x89800000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x89BA7000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x89D80000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x84396000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8D4EC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x906BF000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAC4CA000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8FB5C000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E6BC000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x89A00000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9067D000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8E7E0000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x97F90000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x97938000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8D54A000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x89A1F000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Brother Industries Ltd., Brotehr Serial I/F Driver (WDM))
0x9798E000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8D4C1000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x978BC000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8FAED000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x907DE000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x9069C000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x906E1000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x906F9000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x90710000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8E71B000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x89BCC000 C:\Windows\system32\drivers\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9791C000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x899CF000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x89C00000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x89B94000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x97810000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E61F000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x899E5000 00000147 73728 bytes
0x9060D000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8FB7D000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x8D4DA000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x899E5000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x89DE7000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x97900000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x843ED000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9782C000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x89947000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x84290000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x89BE8000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8E600000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x979A8000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x89DA5000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x97800000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x89958000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x9066E000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8FB05000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8E611000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8E70D000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x899BA000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x89C74000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8FA1A000 C:\Windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0x90781000 C:\Windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x898AB000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x90600000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x978DF000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x90731000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x9073E000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xAC4EB000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8E6DD000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8FA7D000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8D430000 C:\Windows\system32\drivers\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8E732000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x8E6B0000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x978EC000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x907D3000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x8FA0B000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x97911000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x84200000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8E702000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x906B4000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8FA00000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x89912000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x8E73E000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0x978D5000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8FA73000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8FA69000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x90727000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xAC4C0000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8FB8F000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x8982A000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xAC5DA000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x899F7000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x978F7000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x89C82000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xAC5E3000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8D427000 C:\Windows\system32\DRIVERS\point32.sys 36864 bytes (Microsoft Corporation, Point32k.sys)
0x97ED0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x89FB0000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x89901000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x842A1000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x89E2D000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BCA000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8990A000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8E6EA000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8E6F2000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8E6FA000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x89FF8000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8E6A9000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x97823000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x899B3000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8E6A2000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8D565000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x899C8000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8E7D9000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x907F6000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8E7A2000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x9798B000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x97935000 C:\Windows\system32\DRIVERS\wdcsam.sys 12288 bytes (Western Digital Technologies, WD SCSI Architecture Model (SAM) driver)
0x9074B000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x97933000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x000F0000 Hidden Image-->unknown_code_page [ EPROCESS 0x882F1600 ] PID: 1496, 40960 bytes
0x8D596F2E Unknown thread object [ ETHREAD 0x85DBDD48 ] , 600 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0007EE9C, Type: Inline - RelativeJump 0x83C84E9C-->83C84F06 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0007EEA8, Type: Inline - RelativeJump 0x83C84EA8-->83C84F13 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0007EEC4, Type: Inline - RelativeJump 0x83C84EC4-->83C84F2F [ntkrnlpa.exe]
ntkrnlpa.exe+0x0007EEEC, Type: Inline - RelativeJump 0x83C84EEC-->83C84F57 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0007F04C, Type: Inline - RelativeJump 0x83C8504C-->83C850B7 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0007F088, Type: Inline - RelativeJump 0x83C85088-->83C85105 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0007F0A4, Type: Inline - RelativeJump 0x83C850A4-->83C85113 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0007F0C0, Type: Inline - RelativeJump 0x83C850C0-->83C8512A [ntkrnlpa.exe]
ntkrnlpa.exe+0x0022516E, Type: Inline - RelativeJump 0x83E2B16E-->8FB2FBD4 [aswSP.SYS]
ntkrnlpa.exe+0x0025402C, Type: Inline - RelativeJump 0x83E5A02C-->83E5A03E [ntkrnlpa.exe]
ntkrnlpa.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x83EE3E44-->8FB32766 [aswSP.SYS]
ntkrnlpa.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x83E12B6C-->8FB2E11E [aswSP.SYS]
[1004]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[1004]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[1004]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[1004]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[1004]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[1004]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[1004]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[1036]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[1036]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[1036]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[1036]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[1036]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[1036]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[1036]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[1084]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[1084]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[1196]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[1196]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[1196]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[1196]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[1196]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[1196]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[1196]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[1384]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[1384]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[1496]WLIDSVC.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[1496]WLIDSVC.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[1496]WLIDSVC.EXE-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[1496]WLIDSVC.EXE-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[1496]WLIDSVC.EXE-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[1496]WLIDSVC.EXE-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[1496]WLIDSVC.EXE-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[1528]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x75603D01-->00000000 [unknown_code_page]
[1856]spoolsv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[1856]spoolsv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[1856]spoolsv.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[1856]spoolsv.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[1856]spoolsv.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[1856]spoolsv.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[1856]spoolsv.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[1884]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[1884]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[1884]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[1884]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[1884]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[1884]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[1884]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[1980]AppleMobileDeviceService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[1980]AppleMobileDeviceService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[1980]AppleMobileDeviceService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[1980]AppleMobileDeviceService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[1980]AppleMobileDeviceService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[1980]AppleMobileDeviceService.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[1980]AppleMobileDeviceService.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[2012]atchksrv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[2012]atchksrv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[2012]atchksrv.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[2012]atchksrv.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[2012]atchksrv.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[2012]atchksrv.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[2012]atchksrv.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[2036]mDNSResponder.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[2036]mDNSResponder.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[2036]mDNSResponder.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[2036]mDNSResponder.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[2036]mDNSResponder.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[2036]mDNSResponder.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[2036]mDNSResponder.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[2080]WLIDSVCM.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[2080]WLIDSVCM.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[2080]WLIDSVCM.EXE-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[2080]WLIDSVCM.EXE-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[2080]WLIDSVCM.EXE-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[2080]WLIDSVCM.EXE-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[2080]WLIDSVCM.EXE-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[2444]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[2444]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[2444]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[2444]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[2444]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[2444]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[2444]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[252]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[252]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[252]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[252]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[252]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[252]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[252]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[2548]wmpnetwk.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[2548]wmpnetwk.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[2548]wmpnetwk.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[2548]wmpnetwk.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[2548]wmpnetwk.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[2548]wmpnetwk.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[2548]wmpnetwk.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[3104]dwm.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[3104]dwm.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[3104]dwm.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[3104]dwm.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[3104]dwm.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[3104]dwm.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[3104]dwm.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[3128]dpupdchk.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[3128]dpupdchk.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[3128]dpupdchk.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[3128]dpupdchk.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[3128]dpupdchk.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[3128]dpupdchk.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[3128]dpupdchk.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[3140]hkcmd.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[3140]hkcmd.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[3140]hkcmd.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[3140]hkcmd.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[3140]hkcmd.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[3140]hkcmd.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[3140]hkcmd.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[3388]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[3388]explorer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[3388]explorer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[3388]explorer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[3388]explorer.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[3388]explorer.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[3388]explorer.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[3428]SearchIndexer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[3428]SearchIndexer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[3428]SearchIndexer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[3428]SearchIndexer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[3428]SearchIndexer.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[3428]SearchIndexer.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[3428]SearchIndexer.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[3612]iPodService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[3612]iPodService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[3612]iPodService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[3612]iPodService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[3612]iPodService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[3612]iPodService.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[3612]iPodService.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[3864]igfxsrvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[3864]igfxsrvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[3864]igfxsrvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[3864]igfxsrvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[3864]igfxsrvc.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[3864]igfxsrvc.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[3864]igfxsrvc.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[3880]iTunesHelper.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[3880]iTunesHelper.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[3880]iTunesHelper.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[3880]iTunesHelper.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[3880]iTunesHelper.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[3880]iTunesHelper.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[3880]iTunesHelper.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[3920]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[3920]firefox.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[3920]firefox.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[3920]firefox.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[3920]firefox.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[3920]firefox.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[3920]firefox.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[4076]ipoint.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[4076]ipoint.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[4076]ipoint.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[4076]ipoint.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[4076]ipoint.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[4076]ipoint.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[4076]ipoint.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[524]IPROSetMonitor.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[524]IPROSetMonitor.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[524]IPROSetMonitor.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[524]IPROSetMonitor.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[524]IPROSetMonitor.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[524]IPROSetMonitor.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[524]IPROSetMonitor.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[556]wininit.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[556]wininit.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[556]wininit.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[556]wininit.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[556]wininit.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[556]wininit.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[556]wininit.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[604]LMS.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[604]LMS.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[604]LMS.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[604]LMS.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[604]LMS.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[604]LMS.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[604]LMS.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
[616]services.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[616]services.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[640]lsass.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[640]lsass.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[660]lsm.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[660]lsm.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[788]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[788]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[880]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[880]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[948]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x770C22B8-->00000000 [unknown_code_page]
[948]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x770BC8DE-->00000000 [unknown_code_page]
[948]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75966D0C-->00000000 [unknown_code_page]
[948]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7593E30C-->00000000 [unknown_code_page]
[948]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x759424DC-->00000000 [unknown_code_page]
[948]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7593ADF9-->00000000 [unknown_code_page]
[948]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7593B750-->00000000 [unknown_code_page]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)