GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-08-22 10:06:46 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST380815AS rev.4.ADA 74,51GB Running: g0l6xwkh.exe; Driver: C:\Users\DELL\AppData\Local\Temp\aftciaob.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076591401 2 bytes JMP 76e1b263 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076591419 2 bytes JMP 76e1b38e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076591431 2 bytes JMP 76e990f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007659144a 2 bytes CALL 76df48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765914dd 2 bytes JMP 76e989ea C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765914f5 2 bytes JMP 76e98bc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007659150d 2 bytes JMP 76e988e0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076591525 2 bytes JMP 76e98caa C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007659153d 2 bytes JMP 76e0fce8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076591555 2 bytes JMP 76e16937 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007659156d 2 bytes JMP 76e991a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076591585 2 bytes JMP 76e98d0a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007659159d 2 bytes JMP 76e988a4 C:\Windows\syswow64\kernel32.dll .text 
C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765915b5 2 bytes JMP 76e0fd81 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765915cd 2 bytes JMP 76e1b324 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765916b2 2 bytes JMP 76e9906c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765916bd 2 bytes JMP 76e98839 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076591401 2 bytes JMP 76e1b263 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076591419 2 bytes JMP 76e1b38e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076591431 2 bytes JMP 76e990f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007659144a 2 bytes CALL 76df48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765914dd 2 bytes JMP 76e989ea C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765914f5 2 bytes JMP 76e98bc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007659150d 2 bytes JMP 76e988e0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076591525 2 bytes JMP 76e98caa C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007659153d 2 bytes JMP 76e0fce8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076591555 2 bytes JMP 76e16937 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007659156d 2 bytes JMP 76e991a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076591585 2 bytes JMP 76e98d0a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007659159d 2 bytes JMP 76e988a4 C:\Windows\syswow64\kernel32.dll .text 
C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765915b5 2 bytes JMP 76e0fd81 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765915cd 2 bytes JMP 76e1b324 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765916b2 2 bytes JMP 76e9906c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765916bd 2 bytes JMP 76e98839 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076591401 2 bytes JMP 76e1b263 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2000] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076591419 2 bytes JMP 76e1b38e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076591431 2 bytes JMP 76e990f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007659144a 2 bytes CALL 76df48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2000] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765914dd 2 bytes JMP 76e989ea C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765914f5 2 bytes JMP 76e98bc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007659150d 2 bytes JMP 76e988e0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076591525 2 bytes JMP 76e98caa C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007659153d 2 bytes JMP 76e0fce8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2000] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076591555 2 bytes JMP 76e16937 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007659156d 2 bytes JMP 76e991a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076591585 2 bytes JMP 76e98d0a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007659159d 2 bytes JMP 76e988a4 C:\Windows\syswow64\kernel32.dll .text 
C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765915b5 2 bytes JMP 76e0fd81 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765915cd 2 bytes JMP 76e1b324 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765916b2 2 bytes JMP 76e9906c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765916bd 2 bytes JMP 76e98839 C:\Windows\syswow64\kernel32.dll ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegCreateKeyExW] [7fee952b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegDeleteValueW] [7fee952bbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegOpenKeyExW] [7fee952b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegSetValueExW] [7fee952baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\msiexec.exe[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileW] [7fee952a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [7fefcc64230] 
C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW] [7fee952a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW] [7fee952a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegOpenKeyExW] [7fee952b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegCreateKeyExW] [7fee952b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegSetValueExW] [7fee952baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateFileW] [7fee952a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CopyFileW] [7fee952a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!DeleteFileW] [7fee952a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CreateFileW] [7fee952a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!SetFileSecurityW] [7fee952bcb0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ 
C:\Windows\system32\msi.dll[ADVAPI32.dll!RegCreateKeyExW] [7fee952b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExA] [7fee952ba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegOpenKeyExW] [7fee952b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteValueW] [7fee952bbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteKeyW] [7fee952d12c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExW] [7fee952baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileExW] [7fee952a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\msi.dll[KERNEL32.dll!SetFileAttributesW] [7fee952abe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileW] [7fee952a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\msi.dll[KERNEL32.dll!DeleteFileW] [7fee952a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\msi.dll[KERNEL32.dll!CreateFileW] [7fee952a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\msi.dll[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!CopyFileW] [7fee952a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL 
IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileExW] [7fee952a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileW] [7fee952a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!DeleteFileW] [7fee952a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileW] [7fee952a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fee952abe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesA] [7fee952ab7c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileA] [7fee952a2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!DeleteFileW] [7fee952a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!MoveFileExW] [7fee952a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!SetFileAttributesW] [7fee952abe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CopyFileW] [7fee952a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ 
C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CreateFileW] [7fee952a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\sfc_os.DLL[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!PrivCopyFileExW] [7fee952ab04] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!MoveFileExW] [7fee952a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!OpenFile] [7fee952a890] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!CreateFileW] [7fee952a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.DLL[KERNEL32.dll!CreateFileW] [7fee952a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ 
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.DLL[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegDeleteValueW] [7fee952bbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegCreateKeyExW] [7fee952b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegSetValueExW] [7fee952baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegOpenKeyExW] [7fee952b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileExW] [7fee952a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!CreateFileW] [7fee952a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!SetFileAttributesW] [7fee952abe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileW] [7fee952a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!DeleteFileW] [7fee952a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT 
C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!_lwrite] [7fee952aa1c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileW] [7fee952a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileA] [7fee952a2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!DeleteFileW] [7fee952a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!CreateFileW] [7fee952a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegCreateKeyExA] [7fee952b3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!MoveFileExW] [7fee952a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegSetValueExA] [7fee952ba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!_lcreat] [7fee952a9a0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!_lopen] [7fee952a924] 
C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!_lwrite] [7fee952aa1c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!DeleteFileA] [7fee952a580] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!CreateFileW] [7fee952a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!DeleteFileW] [7fee952a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!MoveFileW] [7fee952a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!DeleteFileW] [7fee952a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!CreateFileW] [7fee952a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!MoveFileExW] [7fee952a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileExW] [7fee952a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CopyFileW] [7fee952a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ 
C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileA] [7fee952a2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegSetValueExW] [7fee952baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegDeleteValueW] [7fee952bbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegCreateKeyExW] [7fee952b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegOpenKeyExW] [7fee952b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileW] [7fee952a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!DeleteFileW] [7fee952a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fee952abe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileW] [7fee952a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegCreateKeyExW] [7fee952b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegOpenKeyExW] [7fee952b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ 
C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegSetValueExW] [7fee952baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegDeleteValueW] [7fee952bbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fefcc64230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\DEVRTL.dll[KERNEL32.dll!MoveFileW] [7fee952a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[1496] @ C:\Windows\system32\DEVRTL.dll[KERNEL32.dll!MoveFileExW] [7fee952a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL ---- Threads - GMER 2.2 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4784:4800] 0000000075b57587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4784:4808] 000000006d0a9946 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4784:4828] 0000000077351697 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4784:3468] 0000000077357ad8 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4784:3704] 0000000077357ad8 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC Reg HKLM\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToSnapshot@OfficeODC ---- EOF - GMER 2.2 ----