GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-12-06 19:00:19 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB Running: 0d7df8y4.exe; Driver: C:\Users\User\AppData\Local\Temp\pxldapow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077a71401 2 bytes JMP 7759eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2332] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077a71419 2 bytes JMP 775ab513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077a71431 2 bytes JMP 77628609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077a7144a 2 bytes CALL 77581dfa C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2332] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077a714dd 2 bytes JMP 77627efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077a714f5 2 bytes JMP 776280d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077a7150d 2 bytes JMP 77627df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077a71525 2 bytes JMP 776281c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077a7153d 2 bytes JMP 7759f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2332] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077a71555 2 bytes JMP 775ab885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077a7156d 2 bytes JMP 776286c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077a71585 2 bytes JMP 77628222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077a7159d 2 bytes JMP 77627db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077a715b5 2 bytes JMP 7759f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2332] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077a715cd 2 bytes JMP 775ab29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077a716b2 2 bytes JMP 77628584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077a716bd 2 bytes JMP 77627d4d C:\Windows\syswow64\kernel32.dll .text E:\Programy\Hamachi\hamachi-2-ui.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077a71401 2 bytes JMP 7759eb26 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Hamachi\hamachi-2-ui.exe[2712] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077a71419 2 bytes JMP 775ab513 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Hamachi\hamachi-2-ui.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077a71431 2 bytes JMP 77628609 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Hamachi\hamachi-2-ui.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077a7144a 2 bytes CALL 77581dfa C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text E:\Programy\Hamachi\hamachi-2-ui.exe[2712] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077a714dd 2 bytes JMP 77627efe C:\Windows\syswow64\kernel32.dll .text E:\Programy\Hamachi\hamachi-2-ui.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077a714f5 2 bytes JMP 776280d8 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Hamachi\hamachi-2-ui.exe[2712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077a7150d 2 bytes JMP 77627df4 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Hamachi\hamachi-2-ui.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077a71525 2 bytes JMP 776281c2 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Hamachi\hamachi-2-ui.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077a7153d 2 bytes JMP 7759f088 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Hamachi\hamachi-2-ui.exe[2712] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077a71555 2 bytes JMP 775ab885 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Hamachi\hamachi-2-ui.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077a7156d 2 bytes JMP 776286c1 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Hamachi\hamachi-2-ui.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077a71585 2 bytes JMP 77628222 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Hamachi\hamachi-2-ui.exe[2712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077a7159d 2 bytes JMP 77627db8 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Hamachi\hamachi-2-ui.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077a715b5 2 bytes JMP 7759f121 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Hamachi\hamachi-2-ui.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077a715cd 2 bytes JMP 775ab29f C:\Windows\syswow64\kernel32.dll .text E:\Programy\Hamachi\hamachi-2-ui.exe[2712] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077a716b2 2 bytes JMP 77628584 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Hamachi\hamachi-2-ui.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077a716bd 2 bytes JMP 77627d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077a71401 2 bytes JMP 7759eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077a71419 2 bytes JMP 775ab513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077a71431 2 bytes JMP 77628609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000077a7144a 2 bytes CALL 77581dfa C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000077a714dd 2 bytes JMP 77627efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077a714f5 2 bytes JMP 776280d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000077a7150d 2 bytes JMP 77627df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077a71525 2 bytes JMP 776281c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000077a7153d 2 bytes JMP 7759f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077a71555 2 bytes JMP 775ab885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000077a7156d 2 bytes JMP 776286c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077a71585 2 bytes JMP 77628222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000077a7159d 2 bytes JMP 77627db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] 
C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000077a715b5 2 bytes JMP 7759f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000077a715cd 2 bytes JMP 775ab29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000077a716b2 2 bytes JMP 77628584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2040] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000077a716bd 2 bytes JMP 77627d4d C:\Windows\syswow64\kernel32.dll .text E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077a71401 2 bytes JMP 7759eb26 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe[976] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077a71419 2 bytes JMP 775ab513 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077a71431 2 bytes JMP 77628609 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077a7144a 2 bytes CALL 77581dfa C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe[976] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077a714dd 2 bytes JMP 77627efe C:\Windows\syswow64\kernel32.dll .text E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077a714f5 2 bytes JMP 776280d8 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe[976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077a7150d 2 bytes JMP 77627df4 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077a71525 2 bytes JMP 776281c2 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077a7153d 2 bytes JMP 7759f088 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe[976] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077a71555 2 bytes JMP 775ab885 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077a7156d 2 bytes JMP 776286c1 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077a71585 2 bytes JMP 77628222 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe[976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077a7159d 2 bytes JMP 77627db8 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077a715b5 2 bytes JMP 7759f121 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe[976] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077a715cd 2 bytes JMP 775ab29f C:\Windows\syswow64\kernel32.dll .text E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077a716b2 2 bytes JMP 77628584 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077a716bd 2 bytes JMP 77627d4d C:\Windows\syswow64\kernel32.dll ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001031e94] \SystemRoot\System32\Drivers\sptd.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001031c38] \SystemRoot\System32\Drivers\sptd.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001032614] \SystemRoot\System32\Drivers\sptd.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001032a10] \SystemRoot\System32\Drivers\sptd.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800103286c] \SystemRoot\System32\Drivers\sptd.sys [unknown section] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegCreateKeyExW] [7feefdcb6ec] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegDeleteValueW] [7feefdcbdc0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegOpenKeyExW] [7feefdcb8c8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegSetValueExW] [7feefdcbca0] 
C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msiexec.exe[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileW] [7feefdca37c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW] [7feefdca7dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegOpenKeyExW] [7feefdcb8c8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegCreateKeyExW] [7feefdcb6ec] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegSetValueExW] [7feefdcbca0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CopyFileW] [7feefdca37c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!DeleteFileW] [7feefdca7dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ 
C:\Windows\system32\GDI32.dll[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!SetFileSecurityW] [7feefdcbea8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegCreateKeyExW] [7feefdcb6ec] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExA] [7feefdcbc04] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegOpenKeyExW] [7feefdcb8c8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteValueW] [7feefdcbdc0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteKeyW] [7feefdcd0cc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExW] [7feefdcbca0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileExW] [7feefdca9fc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msi.dll[KERNEL32.dll!SetFileAttributesW] [7feefdcadd8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileW] [7feefdca8d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msi.dll[KERNEL32.dll!DeleteFileW] [7feefdca7dc] 
C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msi.dll[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\msi.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!DeleteFileW] [7feefdca7dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesW] [7feefdcadd8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesA] [7feefdcad74] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileA] [7feefdca4d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CopyFileW] [7feefdca37c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!DeleteFileW] [7feefdca7dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!MoveFileExW] [7feefdca9fc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!SetFileAttributesW] [7feefdcadd8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT 
C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileExW] [7feefdca9fc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileW] [7feefdca8d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!CopyFileW] [7feefdca37c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\sfc_os.DLL[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!MoveFileExW] [7feefdca9fc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!PrivCopyFileExW] [7feefdcacfc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!OpenFile] [7feefdcaa88] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] 
C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6\COMCTL32.DLL[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6\COMCTL32.DLL[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegDeleteValueW] [7feefdcbdc0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegCreateKeyExW] [7feefdcb6ec] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegSetValueExW] [7feefdcbca0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegOpenKeyExW] [7feefdcb8c8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileExW] [7feefdca9fc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!SetFileAttributesW] [7feefdcadd8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileW] [7feefdca8d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT 
C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!DeleteFileW] [7feefdca7dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!_lwrite] [7feefdcac14] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileA] [7feefdca4d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!DeleteFileW] [7feefdca7dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegCreateKeyExA] [7feefdcb5d4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!MoveFileExW] [7feefdca9fc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegSetValueExA] [7feefdcbc04] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] 
[7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!SetFileAttributesW] [7feefdcadd8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!CreateFileA] [7feefdca4d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!DeleteFileW] [7feefdca7dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!SetFileAttributesW] [7feefdcadd8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!DeleteFileW] [7feefdca7dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!MoveFileExW] [7feefdca9fc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4236] @ 
C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\GPAPI.dll[KERNEL32.dll!MoveFileExW] [7feefdca9fc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\WINSTA.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\WINSTA.dll[KERNEL32.dll!RegOpenKeyExW] [7feefdcb8c8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!SetFileAttributesW] [7feefdcadd8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!DeleteFileW] [7feefdca7dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\Cabinet.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\Cabinet.dll[KERNEL32.dll!DeleteFileA] [7feefdca778] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\Cabinet.dll[KERNEL32.dll!SetFileAttributesA] [7feefdcad74] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\Cabinet.dll[KERNEL32.dll!CreateFileA] [7feefdca4d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\DEVRTL.dll[KERNEL32.dll!MoveFileW] [7feefdca8d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\DEVRTL.dll[KERNEL32.dll!MoveFileExW] [7feefdca9fc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegSetValueExW] [7feefdcbca0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegCreateKeyExW] [7feefdcb6ec] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegOpenKeyExW] [7feefdcb8c8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileExW] [7feefdca9fc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CopyFileW] [7feefdca37c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileA] [7feefdca4d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegSetValueExW] [7feefdcbca0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegDeleteValueW] [7feefdcbdc0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegCreateKeyExW] [7feefdcb6ec] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegOpenKeyExW] [7feefdcb8c8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileW] [7feefdca8d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!DeleteFileW] [7feefdca7dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!SetFileAttributesW] [7feefdcadd8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegCreateKeyExW] [7feefdcb6ec] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegOpenKeyExW] [7feefdcb8c8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegSetValueExW] [7feefdcbca0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegDeleteValueW] [7feefdcbdc0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SRCLIENT.DLL[ADVAPI32.dll!RegCreateKeyExW] [7feefdcb6ec] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SRCLIENT.DLL[ADVAPI32.dll!RegOpenKeyExW] [7feefdcb8c8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SRCLIENT.DLL[ADVAPI32.dll!RegSetValueExW] [7feefdcbca0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SPP.dll[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SPP.dll[KERNEL32.dll!DeleteFileW] [7feefdca7dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SPP.dll[KERNEL32.dll!SetFileAttributesW] [7feefdcadd8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SPP.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SPP.dll[ADVAPI32.dll!RegOpenKeyExW] [7feefdcb8c8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SPP.dll[ADVAPI32.dll!RegCreateKeyExW] [7feefdcb6ec] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SPP.dll[ADVAPI32.dll!RegDeleteValueW] [7feefdcbdc0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SPP.dll[ADVAPI32.dll!RegSetValueExW] [7feefdcbca0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\VSSAPI.DLL[KERNEL32.dll!DeleteFileW] [7feefdca7dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\VSSAPI.DLL[KERNEL32.dll!RegCreateKeyExW] [7feefdcb6ec] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\VSSAPI.DLL[KERNEL32.dll!RegOpenKeyExW] [7feefdcb8c8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\VSSAPI.DLL[KERNEL32.dll!RegDeleteValueW] [7feefdcbdc0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\VSSAPI.DLL[KERNEL32.dll!RegSetValueExW] [7feefdcbca0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\VSSAPI.DLL[KERNEL32.dll!CopyFileExW] [7feefdca458] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\ATL.DLL[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\ATL.DLL[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\VssTrace.DLL[KERNEL32.dll!RegOpenKeyExW] [7feefdcb8c8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\dsrole.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\System32\msxml3.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\System32\msxml3.dll[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\System32\ES.DLL[KERNEL32.dll!DeleteFileW] [7feefdca7dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\System32\ES.DLL[KERNEL32.dll!SetFileAttributesW] [7feefdcadd8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\System32\ES.DLL[KERNEL32.dll!RegDeleteValueW] [7feefdcbdc0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\System32\ES.DLL[KERNEL32.dll!RegSetValueExW] [7feefdcbca0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegDeleteValueA] [7feefdcbd3c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegSetValueExA] [7feefdcbc04] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!DeleteFileW] [7feefdca7dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegOpenKeyExA] [7feefdcb804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegDeleteValueW] [7feefdcbdc0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegSetValueExW] [7feefdcbca0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SAMLIB.dll[KERNEL32.dll!RegSetValueExA] [7feefdcbc04] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SAMLIB.dll[KERNEL32.dll!RegCreateKeyExA] [7feefdcb5d4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\SAMLIB.dll[KERNEL32.dll!RegOpenKeyExA] [7feefdcb804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!_lcreat] [7feefdcab98] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!_lopen] [7feefdcab1c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!_lwrite] [7feefdcac14] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!DeleteFileA] [7feefdca778] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!GetProcAddress] [7fefc9aa7d0] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!CreateFileW] [7feefdca624] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!DeleteFileW] [7feefdca7dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[4236] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!MoveFileW] [7feefdca8d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL

---- Devices - GMER 2.1 ----
Device \Driver\atapi \Device\Ide\IdePort4 fffffa80039a02c0
Device \Driver\atapi \Device\Ide\IdePort0 fffffa80039a02c0
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-5 fffffa80039a02c0
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
Device \Driver\atapi \Device\Ide\IdePort5 fffffa80039a02c0
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
Device \Driver\atapi \Device\Ide\IdePort1 fffffa80039a02c0
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
Device \Driver\atapi \Device\Ide\IdePort2 fffffa80039a02c0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 fffffa80039a02c0
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
Device \Driver\atapi \Device\Ide\IdePort3 fffffa80039a02c0
Device \FileSystem\Ntfs \Ntfs fffffa80039a42c0
Device \FileSystem\fastfat \Fat fffffa80058472c0
Device \Driver\usbehci \Device\USBFDO-7 fffffa80052bf2c0
Device \Driver\usbuhci \Device\USBPDO-5 fffffa800514d2c0
Device \Driver\usbehci \Device\USBFDO-3 fffffa80052bf2c0
Device \Driver\usbuhci \Device\USBPDO-1 fffffa800514d2c0
Device \Driver\cdrom \Device\CdRom0 fffffa800498b2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{195700D7-367A-4ACA-B2A3-D58D5B0D0DCF} fffffa8004ca22c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{14F7A98F-E975-432D-9805-D36FDAF077FB} fffffa8004ca22c0
Device \Driver\usbuhci \Device\USBPDO-6 fffffa800514d2c0
Device \Driver\usbuhci \Device\USBFDO-4 fffffa800514d2c0
Device \Driver\usbuhci \Device\USBPDO-2 fffffa800514d2c0
Device \Driver\usbuhci \Device\USBFDO-0 fffffa800514d2c0
Device \Driver\usbehci \Device\USBPDO-7 fffffa80052bf2c0
Device \Driver\usbuhci \Device\USBFDO-5 fffffa800514d2c0
Device \Driver\usbehci \Device\USBPDO-3 fffffa80052bf2c0
Device \Driver\usbuhci \Device\USBFDO-1 fffffa800514d2c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004ca22c0
Device \Driver\usbuhci \Device\USBFDO-6 fffffa800514d2c0
Device \Driver\usbuhci \Device\USBPDO-4 fffffa800514d2c0
Device \Driver\usbuhci \Device\USBFDO-2 fffffa800514d2c0
Device \Driver\atapi \Device\ScsiPort0 fffffa80039a02c0
Device \Driver\usbuhci \Device\USBPDO-0 fffffa800514d2c0
Device \Driver\atapi \Device\ScsiPort1 fffffa80039a02c0
Device \Driver\atapi \Device\ScsiPort2 fffffa80039a02c0
Device \Driver\atapi \Device\ScsiPort3 fffffa80039a02c0
Device \Driver\atapi \Device\ScsiPort4 fffffa80039a02c0
Device \Driver\atapi \Device\ScsiPort5 fffffa80039a02c0

---- Trace I/O - GMER 2.1 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039a02c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80039a02c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800491f060] fffffa800491f060
Trace 3 CLASSPNP.SYS[fffff880015b543f] -> nt!IofCallDriver -> [0xfffffa800440e520] fffffa800440e520
Trace 5 ACPI.sys[fffff88001158781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800440a680] fffffa800440a680
Trace \Driver\atapi[0xfffffa80043a48f0] -> IRP_MJ_CREATE -> 0xfffffa80039a02c0 fffffa80039a02c0

---- Processes - GMER 2.1 ----
Library E:\AVG\avgsysa.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1292] 000007feffad0000

---- Files - GMER 2.1 ----
File C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0029df 0 bytes

---- EOF - GMER 2.1 ----