76 Re: Malware problems and Internet Redirecting on Sat Aug 07, 2010 7:14 pm

blink711
Member
032 F7B76000 00596000 igxpmp32.sys ialm YES YES
033 F7B62000 00014000 VIDEOPRT.SYS YES YES
034 F7B3A000 00028000 HDAudBus.sys HDAudBus YES YES
035 F7B23000 00017000 jmcr.sys JMCR YES YES
036 F7B0B000 00018000 SCSIPORT.SYS YES YES
037 F79D0000 0013B000 bcmwl5.sys BCM43XX YES YES
038 F79B6000 0001A000 Rtenicxp.sys RTLE8023xp YES YES
039 F874C000 00006000 usbuhci.sys usbuhci YES YES
040 F7992000 00024000 USBPORT.SYS YES YES
041 F875C000 00008000 usbehci.sys usbehci YES YES
042 F8934000 00004000 CmBatt.sys CmBatt YES YES
043 F8514000 0000D000 i8042prt.sys i8042prt YES YES
044 F876C000 00006000 kbdclass.sys Kbdclass YES YES
045 F795A000 00038000 SynTP.sys SynTP YES YES
046 F897C000 00002000 USBD.SYS YES YES
047 F877C000 00006000 mouclass.sys Mouclass YES YES
048 F8B13000 00001000 audstub.sys audstub YES YES
049 F8524000 0000D000 rasl2tp.sys Rasl2tp YES YES
050 F893C000 00003000 ndistapi.sys NdisTapi YES YES
051 F7943000 00017000 ndiswan.sys NdisWan YES YES
052 F8534000 0000B000 raspppoe.sys RasPppoe YES YES
053 F8544000 0000C000 raspptp.sys PptpMiniport YES YES
054 F879C000 00005000 TDI.SYS YES YES
055 F790A000 00011000 psched.sys PSched YES YES
056 F8554000 00009000 msgpc.sys Gpc YES YES
057 F87AC000 00005000 ptilink.sys Ptilink YES YES
058 F87BC000 00005000 raspti.sys Raspti YES YES
059 F8564000 0000A000 termdd.sys TermDD YES YES
060 F8982000 00002000 swenum.sys swenum YES YES
061 F78E7000 00023000 ks.sys YES YES
062 F7889000 0005E000 update.sys Update YES YES
063 F8954000 00004000 mssmbios.sys mssmbios YES YES
064 F8574000 0000A000 NDProxy.SYS NDProxy YES YES
065 F8594000 0000F000 usbhub.sys usbhub YES YES
066 AA310000 004B0000 RtkHDAud.sys IntcAzAudAddService YES YES
067 AA2EC000 00024000 portcls.sys YES YES
068 F85A4000 0000F000 drmk.sys YES YES
069 F7937000 00003000 i2omgmt.SYS i2omgmt YES YES
070 F898C000 00002000 Fs_Rec.SYS Fs_Rec YES YES
071 F8B5B000 00001000 Null.SYS Null YES YES
072 F8990000 00002000 Beep.SYS Beep YES YES
073 F882C000 00007000 HIDPARSE.SYS YES YES
074 F8834000 00006000 vga.sys VgaSave YES YES
075 F8994000 00002000 mnmdd.SYS mnmdd YES YES
076 F8998000 00002000 RDPCDD.sys RDPCDD YES YES
077 F8844000 00005000 Msfs.SYS Msfs YES YES
078 F8854000 00008000 Npfs.SYS Npfs YES YES
079 F7927000 00003000 rasacd.sys RasAcd YES YES
080 AA269000 00013000 ipsec.sys IPSec YES YES
081 AA210000 00059000 tcpip.sys Tcpip YES YES
082 AA1C0000 00028000 netbt.sys NetBT YES YES
083 AA19A000 00026000 ipnat.sys IpNat YES YES
084 F85C4000 00009000 wanarp.sys Wanarp YES YES
085 AA178000 00022000 afd.sys AFD YES YES
086 F85D4000 00009000 netbios.sys NetBIOS YES YES
087 AA0AD000 0002B000 rdbss.sys Rdbss YES YES
088 AA03D000 00070000 mrxsmb.sys MRxSmb YES YES
089 F8604000 0000B000 Fips.SYS Fips YES YES
090 AA025000 00018000 dump_atapi.sys NO NO
091 F899E000 00002000 dump_WMILIB.SYS NO NO
092 BF800000 001C7000 win32k.sys YES YES
093 AA2B4000 00003000 Dxapi.sys YES YES
094 F870C000 00005000 watchdog.sys YES YES
095 BF000000 00012000 dxg.sys YES YES
096 F8A96000 00001000 dxgthk.sys YES YES
097 BF024000 0002B000 igxpgd32.dll YES YES
098 BF012000 00012000 igxprd32.dll YES YES
099 BF04F000 00198000 igxpdv32.DLL YES YES
100 BF1E7000 00293000 igxpdx32.DLL YES YES
101 BFFA0000 00046000 ATMFD.DLL YES YES
102 A9F0D000 00004000 ndisuio.sys Ndisuio YES YES
103 A9D50000 0002D000 mrxdav.sys MRxDAV YES YES
104 A9A29000 00057000 srv.sys Srv YES YES
105 A9A14000 00015000 wdmaud.sys wdmaud YES YES
106 A9C08000 0000F000 sysaudio.sys sysaudio YES YES
107 A936B000 00041000 HTTP.sys HTTP YES YES
108 A98CA000 00004000 sdthlpr.sys SDTHelper YES NO
109 A8FA9000 00024000 Fastfat.SYS Fastfat YES YES
110 7C900000 000B2000 ntdll.dll YES YES

Number of Module Table entries patched = 0
22:26:12 - Performing check: "SDT hooks":
Found KiServiceTable @ 8055C700

0 ZwAcceptConnectPort 805A45F6
1 ZwAccessCheck 805F0AD8
2 ZwAccessCheckAndAuditAlarm 805F430E
3 ZwAccessCheckByType 805F0B0A
4 ZwAccessCheckByTypeAndAuditAlarm 805F4348
5 ZwAccessCheckByTypeResultList 805F0B40
6 ZwAccessCheckByTypeResultListAndAuditAlarm 805F438C
7 ZwAccessCheckByTypeResultListAndAuditAlarmByHandle 805F43D0
8 ZwAddAtom 806153D4
9 ZwAddBootEntry 80616108
10 ZwAdjustGroupsToken 805EBEBE
11 ZwAdjustPrivilegesToken 805EBB16
12 ZwAlertResumeThread 805D4B1E
13 ZwAlertThread 805D4ACE
14 ZwAllocateLocallyUniqueId 806159FA
15 ZwAllocateUserPhysicalPages 805B5F62
16 ZwAllocateUuids 80615016
17 ZwAllocateVirtualMemory 805A8A80
18 ZwAreMappedFilesTheSame 805B0576
19 ZwAssignProcessToJobObject 805D65E2
20 ZwCallbackReturn 8050189C
21 ZwCancelDeviceWakeupRequest 805C861C
22 ZwCancelIoFile 80576AE6
23 ZwCancelTimer 80538BEE
24 ZwClearEvent 8060E5E4
25 ZwClose 805BC4DC
26 ZwCloseObjectAuditAlarm 805F4848
27 ZwCompactKeys 80623398
28 ZwCompareTokens 805F8D5C
29 ZwCompleteConnectPort 805A4CE4
30 ZwCompressKey 806235EC
31 ZwConnectPort 805A4596
32 ZwContinue 80544EA4
33 ZwCreateDebugObject 80642132
34 ZwCreateDirectoryObject 805BE48C
35 ZwCreateEvent 8060E634
36 ZwCreateEventPair 8061697E
37 ZwCreateFile 80579084
38 ZwCreateIoCompletion 80578A62
39 ZwCreateJobObject 805D55A6
40 ZwCreateJobSet 805D52DE
41 ZwCreateKey 806237C8
42 ZwCreateMailslotFile 80579192
43 ZwCreateMutant 80616D76
44 ZwCreateNamedPipeFile 805790BE
45 ZwCreatePagingFile 805AB9B4
46 ZwCreatePort 805A50B2
47 ZwCreateProcess 805D11EA
48 ZwCreateProcessEx 805D1134
49 ZwCreateProfile 80617196
50 ZwCreateSection 805AB38E
51 ZwCreateSemaphore 80614734
52 ZwCreateSymbolicLinkObject 805C39A6
53 ZwCreateThread 805D0FD2
54 ZwCreateTimer 80616646
55 ZwCreateToken 805F9104
56 ZwCreateWaitablePort 805A50D6
57 ZwDebugActiveProcess 8064320E
58 ZwDebugContinue 8064335E
59 ZwDelayExecution 80616058
60 ZwDeleteAtom 8061588A
61 ZwDeleteBootEntry 805C861C
62 ZwDeleteFile 80576C2C
63 ZwDeleteKey 80623C64
64 ZwDeleteObjectAuditAlarm 805F4954
65 ZwDeleteValueKey 80623E34
66 ZwDeviceIoControlFile 8057924A
67 ZwDisplayString 806126B2
68 ZwDuplicateObject 805BDFB4
69 ZwDuplicateToken 805ECD6C
70 ZwEnumerateBootEntries 80616108
71 ZwEnumerateKey 80624014
72 ZwEnumerateSystemEnvironmentValuesEx 806160FA
73 ZwEnumerateValueKey 8062427E
74 ZwExtendSection 805B3C82
75 ZwFilterToken 805ECF18
76 ZwFindAtom 8061563E
77 ZwFlushBuffersFile 80576CF8
78 ZwFlushInstructionCache 805B67F6
79 ZwFlushKey 806244E8
80 ZwFlushVirtualMemory 805AC6C8
81 ZwFlushWriteBuffer 805B6798
82 ZwFreeUserPhysicalPages 805B6304
83 ZwFreeVirtualMemory 805B2F5E
84 ZwFsControlFile 8057927E
85 ZwGetContextThread 805D14E4
86 ZwGetDevicePowerState 805C863E
87 ZwGetPlugPlayEvent 80599116
88 ZwGetWriteWatch 80521196
89 ZwImpersonateAnonymousToken 805F8A50
90 ZwImpersonateClientOfPort 805A5140
91 ZwImpersonateThread 805D77A2
92 ZwInitializeRegistry 8062190A
93 ZwInitiatePowerAction 805C8416
94 ZwIsProcessInJob 805D51A2
95 ZwIsSystemResumeAutomatic 805C862A
96 ZwListenPort 805A534C
97 ZwLoadDriver 8058413A
98 ZwLoadKey 806259EC
99 ZwLoadKey2 806255F8
100 ZwLockFile 805792B2
101 ZwLockProductActivationKeys 80612CA4
102 ZwLockRegistryKey 80623698
103 ZwLockVirtualMemory 805B68FE
104 ZwMakePermanentObject 805BE282
105 ZwMakeTemporaryObject 805BC580
106 ZwMapUserPhysicalPages 805B53C2
107 ZwMapUserPhysicalPagesScatter 805B5912
108 ZwMapViewOfSection 805B1FE6
109 ZwModifyBootEntry 805C861C
110 ZwNotifyChangeDirectoryFile 80579ECA
111 ZwNotifyChangeKey 806259B6
112 ZwNotifyChangeMultipleKeys 806245EA
113 ZwOpenDirectoryObject 805BE55E
114 ZwOpenEvent 8060E734
115 ZwOpenEventPair 80616A56
116 ZwOpenFile 8057A182
117 ZwOpenIoCompletion 80578B3A
118 ZwOpenJobObject 805D572C
119 ZwOpenKey 80624BA6
120 ZwOpenMutant 80616E4E
121 ZwOpenObjectAuditAlarm 805F4416
122 ZwOpenProcess 805CB3FA
123 ZwOpenProcessToken 805ED706
124 ZwOpenProcessTokenEx 805ED36A
125 ZwOpenSection 805AA3B2
126 ZwOpenSemaphore 8061482E
127 ZwOpenSymbolicLinkObject 805C3B8C
128 ZwOpenThread 805CB686
129 ZwOpenThreadToken 805ED724
130 ZwOpenThreadTokenEx 805ED4DA
131 ZwOpenTimer 80616768
132 ZwPlugPlayControl 80645400
133 ZwPowerInformation 805C94AC
134 ZwPrivilegeCheck 805F7B02
135 ZwPrivilegeObjectAuditAlarm 805F3728
136 ZwPrivilegedServiceAuditAlarm 805F3914
137 ZwProtectVirtualMemory 805B83CA
138 ZwPulseEvent 8060E7EC
139 ZwQueryAttributesFile 80576ED6
140 ZwQueryBootEntryOrder 80616108
141 ZwQueryBootOptions 80616108
142 ZwQueryDebugFilterState 8053FBD6
143 ZwQueryDefaultLocale 806103DE
144 ZwQueryDefaultUILanguage 8061103E
145 ZwQueryDirectoryFile 80579E64
146 ZwQueryDirectoryObject 805BE5FE
147 ZwQueryEaFile 8057A1B2
148 ZwQueryEvent 8060E8B4
149 ZwQueryFullAttributesFile 8057702A
150 ZwQueryInformationAtom 806158B2
151 ZwQueryInformationFile 8057AA1E
152 ZwQueryInformationJobObject 805D5BFE
153 ZwQueryInformationPort 805A53AA
154 ZwQueryInformationProcess 805CCF4E
155 ZwQueryInformationThread 805CBB7C
156 ZwQueryInformationToken 805ED804
157 ZwQueryInstallUILanguage 806107DC
158 ZwQueryIntervalProfile 80617618
159 ZwQueryIoCompletion 80578BE2
160 ZwQueryKey 80624EE8
161 ZwQueryMultipleValueKey 80622916
162 ZwQueryMutant 80616EF6
163 ZwQueryObject 805C5278
164 ZwQueryOpenSubKeys 80622FC2
165 ZwQueryPerformanceCounter 806176A6
166 ZwQueryQuotaInformationFile 8057B800
167 ZwQuerySection 805B858C
168 ZwQuerySecurityObject 805C0046
169 ZwQuerySemaphore 806148E6
170 ZwQuerySymbolicLinkObject 805C3C2C
171 ZwQuerySystemEnvironmentValue 80616124
172 ZwQuerySystemEnvironmentValueEx 806160EC
173 ZwQuerySystemInformation 806110BE
174 ZwQuerySystemTime 8061287E
175 ZwQueryTimer 80616820
176 ZwQueryTimerResolution 80612910
177 ZwQueryValueKey 806219EC
178 ZwQueryVirtualMemory 805B8C1A
179 ZwQueryVolumeInformationFile 8057BCEA
180 ZwQueueApcThread 805D1230
181 ZwRaiseException 80544EEC
182 ZwRaiseHardError 80614558
183 ZwReadFile 8057C48A
184 ZwReadFileScatter 8057C9F4
185 ZwReadRequestData 805A5E32
186 ZwReadVirtualMemory 805B426E
187 ZwRegisterThreadTerminatePort 805D2738
188 ZwReleaseMutant 8061702E
189 ZwReleaseSemaphore 80614A16
190 ZwRemoveIoCompletion 80578EDA
191 ZwRemoveProcessDebug 806432DE
192 ZwRenameKey 806231EA
193 ZwReplaceKey 8062589C
194 ZwReplyPort 805A54B2
195 ZwReplyWaitReceivePort 805A647A
196 ZwReplyWaitReceivePortEx 805A5E82
197 ZwReplyWaitReplyPort 805A579C
198 ZwRequestDeviceWakeup 805C85AE
199 ZwRequestPort 805A2A10
200 ZwRequestWaitReplyPort 805A2D3C
201 ZwRequestWakeupLatency 805C83BC
202 ZwResetEvent 8060E9C6
203 ZwResetWriteWatch 8052167E
204 ZwRestoreKey 806251A8
205 ZwResumeProcess 805D4A78
206 ZwResumeThread 805D495A
207 ZwSaveKey 806252A4
208 ZwSaveKeyEx 8062538A
209 ZwSaveMergedKeys 806254B2
210 ZwSecureConnectPort 805A3D2A
211 ZwSetBootEntryOrder 80616108
212 ZwSetBootOptions 80616108
213 ZwSetContextThread 805D16F4
214 ZwSetDebugFilterState 80645F96
215 ZwSetDefaultHardErrorPort 80614402
216 ZwSetDefaultLocale 8061052E
217 ZwSetDefaultUILanguage 80610DA0
218 ZwSetEaFile 8057A6C6
219 ZwSetEvent 8060EA86
220 ZwSetEventBoostPriority 8060EB50
221 ZwSetHighEventPair 80616D12
222 ZwSetHighWaitLowEventPair 80616C42
223 ZwSetInformationDebugObject 80642CA8
224 ZwSetInformationFile 8057B010
225 ZwSetInformationJobObject 805D690C
226 ZwSetInformationKey 806224E2
227 ZwSetInformationObject 805C47EE
228 ZwSetInformationProcess 805CDE44
229 ZwSetInformationThread 805CC0C8
230 ZwSetInformationToken 805F9E7E
231 ZwSetIntervalProfile 8061717A
232 ZwSetIoCompletion 80578E78
233 ZwSetLdtEntries 805D38A4
234 ZwSetLowEventPair 80616CAE
235 ZwSetLowWaitHighEventPair 80616BD6
236 ZwSetQuotaInformationFile 8057B7DE
237 ZwSetSecurityObject 805C05DA
238 ZwSetSystemEnvironmentValue 806163A8
239 ZwSetSystemEnvironmentValueEx 806160EC
240 ZwSetSystemInformation 8060F3EC
241 ZwSetSystemPowerState 80652E18
242 ZwSetSystemTime 80613B86
243 ZwSetThreadExecutionState 805C82D0
244 ZwSetTimer 80538D7E
245 ZwSetTimerResolution 80613058
246 ZwSetUuidSeed 80614ECC
247 ZwSetValueKey 80621D3A
248 ZwSetVolumeInformationFile 8057C0F4
249 ZwShutdownSystem 80612676
250 ZwSignalAndWaitForSingleObject 80526774
251 ZwStartProfile 806173C4
252 ZwStopProfile 8061756E
253 ZwSuspendProcess 805D4A22
254 ZwSuspendThread 805D4894
255 ZwSystemDebugControl 80617792
256 ZwTerminateJobObject 805D74A0
257 ZwTerminateProcess 805D2982
258 ZwTerminateThread 805D2B7C
259 ZwTestAlert 805D4BE2
260 ZwTraceEvent 80535114
261 ZwTranslateFilePath 80616116
262 ZwUnloadDriver 805842CE
263 ZwUnloadKey 80622064
264 ZwUnloadKeyEx 80622286
265 ZwUnlockFile 80579656
266 ZwUnlockVirtualMemory 805B6E8C
267 ZwUnmapViewOfSection 805B2DF4
268 ZwVdmControl 805FB236
269 ZwWaitForDebugEvent 80642A10
270 ZwWaitForMultipleObjects 805C0790
271 ZwWaitForSingleObject 805C06A6
272 ZwWaitHighEventPair 80616B72
273 ZwWaitLowEventPair 80616B0E
274 ZwWriteFile 8057CEF2
275 ZwWriteFileGather 8057D4D6
276 ZwWriteRequestData 805A5E5A
277 ZwWriteVirtualMemory 805B4378
278 ZwYieldExecution 80504AF4
279 ZwCreateKeyedEvent 80617BEA
280 ZwOpenKeyedEvent 80617CD4
281 ZwReleaseKeyedEvent 80617D86
282 ZwWaitForKeyedEvent 80617FE2
283 ZwQueryPortInformationProcess 805CB8FC

Number of Service Table entries hooked = 0
Number of Service Table entries patched = 0
22:26:13 - Performing check: "IDT hooks":
IDT offset in kernel: 0x0670AF54
IDT address: 0x8003F400 (phys.: 0x062EF400)

INT# SegType DPL ISR
000(00) IntG32 00 0008:805421C0
001(01) IntG32 00 0008:8054233C
002(02) TaskG32 00 0058:805528A6
003(03) IntG32 03 0008:80542750
004(04) IntG32 03 0008:805428D0
005(05) IntG32 00 0008:80542A30
006(06) IntG32 00 0008:80542BA4
007(07) IntG32 00 0008:8054321C
008(08) TaskG32 00 0050:80552898
009(09) IntG32 00 0008:80543620
010(0A) IntG32 00 0008:80543740
011(0B) IntG32 00 0008:80543880
012(0C) IntG32 00 0008:80543AE0
013(0D) IntG32 00 0008:80543DCC
014(0E) IntG32 00 0008:805444E0
015(0F) IntG32 00 0008:80544818
016(10) IntG32 00 0008:80544938
017(11) IntG32 00 0008:80544A74
018(12) TaskG32 00 00A0:02902B58 (hooked)
019(13) IntG32 00 0008:80544BDC
020(14) IntG32 00 0008:80544818
021(15) IntG32 00 0008:80544818
022(16) IntG32 00 0008:80544818
023(17) IntG32 00 0008:80544818
024(18) IntG32 00 0008:80544818
025(19) IntG32 00 0008:80544818
026(1A) IntG32 00 0008:80544818
027(1B) IntG32 00 0008:80544818
028(1C) IntG32 00 0008:80544818
029(1D) IntG32 00 0008:80544818
030(1E) IntG32 00 0008:80544818
031(1F) IntG32 00 0008:806E610C
032(20) Not present
033(21) Not present
034(22) Not present
035(23) Not present
036(24) Not present
037(25) Not present
038(26) Not present
039(27) Not present
040(28) Not present
041(29) Not present
042(2A) IntG32 03 0008:805419EE
043(2B) IntG32 03 0008:80541AF0
044(2C) IntG32 03 0008:80541CA0
045(2D) IntG32 03 0008:8054262C
046(2E) IntG32 03 0008:80541471
047(2F) IntG32 00 0008:80544818
048(30) IntG32 00 0008:80540B30
049(31) IntG32 00 0008:80540B3A
050(32) IntG32 00 0008:80540B44
051(33) IntG32 00 0008:80540B4E
052(34) IntG32 00 0008:80540B58
053(35) IntG32 00 0008:80540B62
054(36) IntG32 00 0008:80540B6C
055(37) IntG32 00 0008:806E5864
056(38) IntG32 00 0008:80540B80
057(39) IntG32 00 0008:80540B8A
058(3A) IntG32 00 0008:80540B94
059(3B) IntG32 00 0008:80540B9E
060(3C) IntG32 00 0008:80540BA8
061(3D) IntG32 00 0008:806E6E2C
062(3E) IntG32 00 0008:80540BBC
063(3F) IntG32 00 0008:80540BC6
064(40) IntG32 00 0008:80540BD0
065(41) IntG32 00 0008:806E6C88
066(42) IntG32 00 0008:80540BE4
067(43) IntG32 00 0008:80540BEE
068(44) IntG32 00 0008:80540BF8
069(45) IntG32 00 0008:80540C02
070(46) IntG32 00 0008:80540C0C
071(47) IntG32 00 0008:80540C16
072(48) IntG32 00 0008:80540C20
073(49) IntG32 00 0008:80540C2A
074(4A) IntG32 00 0008:80540C34
075(4B) IntG32 00 0008:80540C3E
076(4C) IntG32 00 0008:80540C48
077(4D) IntG32 00 0008:80540C52
078(4E) IntG32 00 0008:80540C5C
079(4F) IntG32 00 0008:80540C66
080(50) IntG32 00 0008:806E593C
081(51) IntG32 00 0008:80540C7A
082(52) IntG32 00 0008:80540C84
083(53) IntG32 00 0008:80540C8E
084(54) IntG32 00 0008:80540C98
085(55) IntG32 00 0008:80540CA2
086(56) IntG32 00 0008:80540CAC
087(57) IntG32 00 0008:80540CB6
088(58) IntG32 00 0008:80540CC0
089(59) IntG32 00 0008:80540CCA
090(5A) IntG32 00 0008:80540CD4
091(5B) IntG32 00 0008:80540CDE
092(5C) IntG32 00 0008:80540CE8
093(5D) IntG32 00 0008:80540CF2
094(5E) IntG32 00 0008:80540CFC
095(5F) IntG32 00 0008:80540D06
096(60) IntG32 00 0008:80540D10
097(61) IntG32 00 0008:80540D1A
098(62) IntG32 00 0008:823D0044 (hooked)
099(63) IntG32 00 0008:821B1044 (hooked)
100(64) IntG32 00 0008:80540D38
101(65) IntG32 00 0008:80540D42
102(66) IntG32 00 0008:80540D4C
103(67) IntG32 00 0008:80540D56
104(68) IntG32 00 0008:80540D60
105(69) IntG32 00 0008:80540D6A
106(6A) IntG32 00 0008:80540D74
107(6B) IntG32 00 0008:80540D7E
108(6C) IntG32 00 0008:80540D88
109(6D) IntG32 00 0008:80540D92
110(6E) IntG32 00 0008:80540D9C
111(6F) IntG32 00 0008:80540DA6
112(70) IntG32 00 0008:80540DB0
113(71) IntG32 00 0008:80540DBA
114(72) IntG32 00 0008:80540DC4
115(73) IntG32 00 0008:81EB4BEC (hooked)
116(74) IntG32 00 0008:80540DD8
117(75) IntG32 00 0008:80540DE2
118(76) IntG32 00 0008:80540DEC
119(77) IntG32 00 0008:80540DF6
120(78) IntG32 00 0008:80540E00
121(79) IntG32 00 0008:80540E0A
122(7A) IntG32 00 0008:80540E14
123(7B) IntG32 00 0008:80540E1E
124(7C) IntG32 00 0008:80540E28
125(7D) IntG32 00 0008:80540E32
126(7E) IntG32 00 0008:80540E3C
127(7F) IntG32 00 0008:80540E46
128(80) IntG32 00 0008:80540E50
129(81) IntG32 00 0008:80540E5A
130(82) IntG32 00 0008:80540E64
131(83) IntG32 00 0008:81AA256C (hooked)
132(84) IntG32 00 0008:80540E78
133(85) IntG32 00 0008:80540E82
134(86) IntG32 00 0008:80540E8C
135(87) IntG32 00 0008:80540E96
136(88) IntG32 00 0008:80540EA0
137(89) IntG32 00 0008:80540EAA
138(8A) IntG32 00 0008:80540EB4
139(8B) IntG32 00 0008:80540EBE
140(8C) IntG32 00 0008:80540EC8
141(8D) IntG32 00 0008:80540ED2
142(8E) IntG32 00 0008:80540EDC
143(8F) IntG32 00 0008:80540EE6
144(90) IntG32 00 0008:80540EF0
145(91) IntG32 00 0008:80540EFA
146(92) IntG32 00 0008:80540F04
147(93) IntG32 00 0008:821B0BEC (hooked)
148(94) IntG32 00 0008:8198D974 (hooked)
149(95) IntG32 00 0008:80540F22
150(96) IntG32 00 0008:80540F2C
151(97) IntG32 00 0008:80540F36
152(98) IntG32 00 0008:80540F40
153(99) IntG32 00 0008:80540F4A
154(9A) IntG32 00 0008:80540F54
155(9B) IntG32 00 0008:80540F5E
156(9C) IntG32 00 0008:80540F68
157(9D) IntG32 00 0008:80540F72
158(9E) IntG32 00 0008:80540F7C
159(9F) IntG32 00 0008:80540F86
160(A0) IntG32 00 0008:80540F90
161(A1) IntG32 00 0008:80540F9A
162(A2) IntG32 00 0008:80540FA4
163(A3) IntG32 00 0008:821B14D4 (hooked)
164(A4) IntG32 00 0008:8215E044 (hooked)
165(A5) IntG32 00 0008:80540FC2
166(A6) IntG32 00 0008:80540FCC
167(A7) IntG32 00 0008:80540FD6
168(A8) IntG32 00 0008:80540FE0
169(A9) IntG32 00 0008:80540FEA
170(AA) IntG32 00 0008:80540FF4
171(AB) IntG32 00 0008:80540FFE
172(AC) IntG32 00 0008:80541008
173(AD) IntG32 00 0008:80541012
174(AE) IntG32 00 0008:8054101C
175(AF) IntG32 00 0008:80541026
176(B0) IntG32 00 0008:80541030
177(B1) IntG32 00 0008:82374BEC (hooked)
178(B2) IntG32 00 0008:80541044
179(B3) IntG32 00 0008:8054104E
180(B4) IntG32 00 0008:821AB974 (hooked)
181(B5) IntG32 00 0008:80541062
182(B6) IntG32 00 0008:8054106C
183(B7) IntG32 00 0008:80541076
184(B8) IntG32 00 0008:80541080
185(B9) IntG32 00 0008:8054108A
186(BA) IntG32 00 0008:80541094
187(BB) IntG32 00 0008:8054109E
188(BC) IntG32 00 0008:805410A8
189(BD) IntG32 00 0008:805410B2
190(BE) IntG32 00 0008:805410BC
191(BF) IntG32 00 0008:805410C6
192(C0) IntG32 00 0008:805410D0
193(C1) IntG32 00 0008:806E5AC0
194(C2) IntG32 00 0008:805410E4
195(C3) IntG32 00 0008:805410EE
196(C4) IntG32 00 0008:805410F8
197(C5) IntG32 00 0008:80541102
198(C6) IntG32 00 0008:8054110C
199(C7) IntG32 00 0008:80541116
200(C8) IntG32 00 0008:80541120
201(C9) IntG32 00 0008:8054112A
202(CA) IntG32 00 0008:80541134
203(CB) IntG32 00 0008:8054113E
204(CC) IntG32 00 0008:80541148
205(CD) IntG32 00 0008:80541152
206(CE) IntG32 00 0008:8054115C
207(CF) IntG32 00 0008:80541166
208(D0) IntG32 00 0008:80541170
209(D1) IntG32 00 0008:806E4E54
210(D2) IntG32 00 0008:80541184
211(D3) IntG32 00 0008:8054118E
212(D4) IntG32 00 0008:80541198
213(D5) IntG32 00 0008:805411A2
214(D6) IntG32 00 0008:805411AC
215(D7) IntG32 00 0008:805411B6
216(D8) IntG32 00 0008:805411C0
217(D9) IntG32 00 0008:805411CA
218(DA) IntG32 00 0008:805411D4
219(DB) IntG32 00 0008:805411DE
220(DC) IntG32 00 0008:805411E8
221(DD) IntG32 00 0008:805411F2
222(DE) IntG32 00 0008:805411FC
223(DF) IntG32 00 0008:80541206
224(E0) IntG32 00 0008:80541210
225(E1) IntG32 00 0008:806E6048
226(E2) IntG32 00 0008:80541224
227(E3) IntG32 00 0008:806E5DAC
228(E4) IntG32 00 0008:80541238
229(E5) IntG32 00 0008:80541242
230(E6) IntG32 00 0008:8054124C
231(E7) IntG32 00 0008:80541256
232(E8) IntG32 00 0008:80541260
233(E9) IntG32 00 0008:8054126A
234(EA) IntG32 00 0008:80541274
235(EB) IntG32 00 0008:8054127E
236(EC) IntG32 00 0008:80541288
237(ED) IntG32 00 0008:80541292
238(EE) IntG32 00 0008:80541299
239(EF) IntG32 00 0008:805412A0
240(F0) IntG32 00 0008:805412A7
241(F1) IntG32 00 0008:805412AE
242(F2) IntG32 00 0008:805412B5
243(F3) IntG32 00 0008:805412BC
244(F4) IntG32 00 0008:805412C3
245(F5) IntG32 00 0008:805412CA
246(F6) IntG32 00 0008:805412D1
247(F7) IntG32 00 0008:805412D8
248(F8) IntG32 00 0008:805412DF
249(F9) IntG32 00 0008:805412E6
250(FA) IntG32 00 0008:805412ED
251(FB) IntG32 00 0008:805412F4
252(FC) IntG32 00 0008:805412FB
253(FD) IntG32 00 0008:806E65A8
254(FE) IntG32 00 0008:806E6748
255(FF) IntG32 00 0008:80541310
22:26:14 - Performing check: "SYSENTER hook":
SYSENTER offset in kernel: 0x0046A540 (=0x80541540)
SYSENTER EIP: 0008:80541540 [OK]
22:26:14 - Performing check: "IAT hooks":

PID 768 - C:\WINDOWS\System32\smss.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)

PID 816 - C:\WINDOWS\system32\csrss.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
CSRSRV.dll (75B40000 - 75B4B000)
basesrv.dll (75B50000 - 75B60000)
winsrv.dll (75B60000 - 75BAB000)
GDI32.dll (77F10000 - 77F59000)
KERNEL32.dll (7C800000 - 7C8F6000)
USER32.dll (7E410000 - 7E4A1000)
sxs.dll (7E720000 - 7E7D0000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
Apphelp.dll (77B40000 - 77B62000)
VERSION.dll (77C00000 - 77C08000)

PID 840 - C:\WINDOWS\system32\winlogon.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
AUTHZ.dll (776C0000 - 776D2000)
msvcrt.dll (77C10000 - 77C68000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
NDdeApi.dll (75940000 - 75948000)
PROFMAP.dll (75930000 - 7593A000)
NETAPI32.dll (5B860000 - 5B8B5000)
USERENV.dll (769C0000 - 76A74000)
PSAPI.DLL (76BF0000 - 76BFB000)
REGAPI.dll (76BC0000 - 76BCF000)
SETUPAPI.dll (77920000 - 77A13000)
VERSION.dll (77C00000 - 77C08000)
WINSTA.dll (76360000 - 76370000)
WINTRUST.dll (76C30000 - 76C5E000)
IMAGEHLP.dll (76C90000 - 76CB8000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
IMM32.DLL (76390000 - 763AD000)
MSGINA.dll (75970000 - 75A68000)
COMCTL32.dll (5D090000 - 5D12A000)
ODBC32.dll (74320000 - 7435D000)
comdlg32.dll (763B0000 - 763F9000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
comctl32.dll (773D0000 - 774D3000)
odbcint.dll (00970000 - 00987000)
SHSVCS.dll (776E0000 - 77703000)
sfc.dll (76BB0000 - 76BB5000)
sfc_os.dll (76C60000 - 76C8A000)
ole32.dll (774E0000 - 7761D000)
Apphelp.dll (77B40000 - 77B62000)
msctfime.ime (755C0000 - 755EE000)
sxs.dll (7E720000 - 7E7D0000)
WINSCARD.DLL (723D0000 - 723EC000)
WTSAPI32.dll (76F50000 - 76F58000)
uxtheme.dll (5AD70000 - 5ADA8000)
WINMM.dll (76B40000 - 76B6D000)
cscdll.dll (76600000 - 7661D000)
dimsntfy.dll (47020000 - 47028000)
WlNotify.dll (75950000 - 7596A000)
MPR.dll (71B20000 - 71B32000)
WINSPOOL.DRV (73000000 - 73026000)
rsaenh.dll (68000000 - 68036000)
SAMLIB.dll (71BF0000 - 71C03000)
msv1_0.dll (77C70000 - 77C95000)
cryptdll.dll (76790000 - 7679C000)
iphlpapi.dll (76D60000 - 76D79000)
cscui.dll (77A20000 - 77A74000)
wdmaud.drv (72D20000 - 72D29000)
xpsp2res.dll (01750000 - 01A15000)
NTMARTA.DLL (77690000 - 776B1000)
WLDAP32.dll (76F60000 - 76F8C000)
COMRes.dll (77050000 - 77115000)
OLEAUT32.dll (77120000 - 771AB000)
CLBCATQ.DLL (76FD0000 - 7704F000)
msacm32.drv (72D10000 - 72D18000)
MSACM32.dll (77BE0000 - 77BF5000)
midimap.dll (77BD0000 - 77BD7000)
igfxdev.dll (10000000 - 10036000)

PID 884 - C:\WINDOWS\system32\services.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
msvcrt.dll (77C10000 - 77C68000)
NCObjAPI.DLL (5F770000 - 5F77C000)
MSVCP60.dll (76080000 - 760E5000)
SCESRV.dll (7DBD0000 - 7DC21000)
AUTHZ.dll (776C0000 - 776D2000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
USERENV.dll (769C0000 - 76A74000)
umpnpmgr.dll (7DBA0000 - 7DBC1000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
ShimEng.dll (5CB70000 - 5CB96000)
AcAdProc.dll (47260000 - 4726F000)
IMM32.DLL (76390000 - 763AD000)
Apphelp.dll (77B40000 - 77B62000)
VERSION.dll (77C00000 - 77C08000)
eventlog.dll (77B70000 - 77B81000)
PSAPI.DLL (76BF0000 - 76BFB000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
wtsapi32.dll (76F50000 - 76F58000)

PID 896 - C:\WINDOWS\system32\lsass.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
LSASRV.dll (75730000 - 757E5000)
MPR.dll (71B20000 - 71B32000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
MSASN1.dll (77B20000 - 77B32000)
msvcrt.dll (77C10000 - 77C68000)
NETAPI32.dll (5B860000 - 5B8B5000)
NTDSAPI.dll (767A0000 - 767B3000)
DNSAPI.dll (76F20000 - 76F47000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
WLDAP32.dll (76F60000 - 76F8C000)
SAMLIB.dll (71BF0000 - 71C03000)
SAMSRV.dll (74440000 - 744AA000)
cryptdll.dll (76790000 - 7679C000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
msprivs.dll (4D200000 - 4D20E000)
kerberos.dll (71CF0000 - 71D3C000)
msv1_0.dll (77C70000 - 77C95000)
iphlpapi.dll (76D60000 - 76D79000)
netlogon.dll (744B0000 - 74515000)
w32time.dll (767C0000 - 767EC000)
MSVCP60.dll (76080000 - 760E5000)
schannel.dll (767F0000 - 76818000)
CRYPT32.dll (77A80000 - 77B15000)
wdigest.dll (7DFC0000 - 7DFD1000)
rsaenh.dll (68000000 - 68036000)
setupapi.dll (77920000 - 77A13000)
scecli.dll (74410000 - 7443F000)
ipsecsvc.dll (743E0000 - 7440F000)
AUTHZ.dll (776C0000 - 776D2000)
oakley.DLL (75D90000 - 75E60000)
WINIPSEC.DLL (74370000 - 7437B000)
pstorsvc.dll (743A0000 - 743AB000)
psbase.dll (743C0000 - 743DB000)
mswsock.dll (71A50000 - 71A8F000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)
dssenh.dll (68100000 - 68126000)

PID 1064 - C:\WINDOWS\system32\svchost.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)
rpcss.dll (76A80000 - 76AE4000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
xpsp2res.dll (006B0000 - 00975000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
Apphelp.dll (77B40000 - 77B62000)
termsrv.dll (760F0000 - 76143000)
ICAAPI.dll (74F70000 - 74F76000)
SETUPAPI.dll (77920000 - 77A13000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
AUTHZ.dll (776C0000 - 776D2000)
mstlsapi.dll (75110000 - 7512F000)
ACTIVEDS.dll (77CC0000 - 77CF2000)
adsldpc.dll (76E10000 - 76E35000)
NETAPI32.dll (5B860000 - 5B8B5000)
ATL.DLL (76B20000 - 76B31000)
REGAPI.dll (76BC0000 - 76BCF000)
rsaenh.dll (68000000 - 68036000)
msi.dll (7D1E0000 - 7D49C000)

PID 1132 - C:\WINDOWS\system32\svchost.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
rpcss.dll (76A80000 - 76AE4000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
xpsp2res.dll (006B0000 - 00975000)
rsaenh.dll (68000000 - 68036000)
mswsock.dll (71A50000 - 71A8F000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)
DNSAPI.dll (76F20000 - 76F47000)
iphlpapi.dll (76D60000 - 76D79000)
winrnr.dll (76FB0000 - 76FB8000)
WLDAP32.dll (76F60000 - 76F8C000)
rasadhlp.dll (76FC0000 - 76FC6000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
msi.dll (7D1E0000 - 7D49C000)

PID 1172 - C:\WINDOWS\System32\svchost.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)
xpsp2res.dll (00630000 - 008F5000)
shsvcs.dll (776E0000 - 77703000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
dhcpcsvc.dll (7D4B0000 - 7D4D2000)
DNSAPI.dll (76F20000 - 76F47000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
iphlpapi.dll (76D60000 - 76D79000)
wzcsvc.dll (7DB10000 - 7DB9C000)
rtutils.dll (76E80000 - 76E8E000)
WMI.dll (76D30000 - 76D34000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
EapolQec.dll (72810000 - 7281B000)
ATL.DLL (76B20000 - 76B31000)
QUtil.dll (726C0000 - 726D6000)
MSVCP60.dll (76080000 - 760E5000)
dot3api.dll (478C0000 - 478CA000)
WTSAPI32.dll (76F50000 - 76F58000)
ESENT.dll (606B0000 - 607BD000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
rsaenh.dll (68000000 - 68036000)
rastls.dll (76B70000 - 76B97000)
CRYPTUI.dll (754D0000 - 75550000)
WININET.dll (3D930000 - 3DA16000)
Normaliz.dll (00B40000 - 00B49000)
urlmon.dll (78130000 - 78263000)
iertutil.dll (3DFD0000 - 3E1B8000)
WINTRUST.dll (76C30000 - 76C5E000)
IMAGEHLP.dll (76C90000 - 76CB8000)
MPRAPI.dll (76D40000 - 76D58000)
ACTIVEDS.dll (77CC0000 - 77CF2000)
adsldpc.dll (76E10000 - 76E35000)
SETUPAPI.dll (77920000 - 77A13000)
RASAPI32.dll (76EE0000 - 76F1C000)
rasman.dll (76E90000 - 76EA2000)
TAPI32.dll (76EB0000 - 76EDF000)
SCHANNEL.dll (767F0000 - 76818000)
WinSCard.dll (723D0000 - 723EC000)
PSAPI.DLL (76BF0000 - 76BFB000)
raschap.dll (76BD0000 - 76BE6000)
schedsvc.dll (77300000 - 77333000)
NTDSAPI.dll (767A0000 - 767B3000)
msv1_0.dll (77C70000 - 77C95000)
cryptdll.dll (76790000 - 7679C000)
MSIDLE.DLL (74F50000 - 74F55000)
audiosrv.dll (708B0000 - 708BD000)
wkssvc.dll (76E40000 - 76E63000)
qmgr.dll (5B9F0000 - 5BA5B000)
MPR.dll (71B20000 - 71B32000)
SHFOLDER.dll (76780000 - 76789000)
WINHTTP.dll (4D4F0000 - 4D549000)
cryptsvc.dll (76CE0000 - 76CF2000)
certcli.dll (77B90000 - 77BC2000)
ersvc.dll (74F80000 - 74F89000)
es.dll (77710000 - 77754000)
pchsvc.dll (74F40000 - 74F4C000)
hidserv.dll (688E0000 - 688E9000)
HID.DLL (688F0000 - 688F9000)
mswsock.dll (71A50000 - 71A8F000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)
srvsvc.dll (75090000 - 750AA000)
netman.dll (77D00000 - 77D33000)
netshell.dll (76400000 - 765A5000)
credui.dll (76C00000 - 76C2E000)
dot3dlg.dll (736D0000 - 736D6000)
OneX.DLL (5DCA0000 - 5DCC8000)
eappcfg.dll (745B0000 - 745D2000)
eappprxy.dll (5DCD0000 - 5DCDE000)
WZCSAPI.DLL (73030000 - 73040000)
seclogon.dll (73D20000 - 73D28000)
sens.dll (722D0000 - 722DD000)
tapisrv.dll (733E0000 - 73420000)
w32time.dll (767C0000 - 767EC000)
wuauserv.dll (50000000 - 50005000)
wuaueng.dll (50040000 - 50219000)
WINSPOOL.DRV (73000000 - 73026000)
Cabinet.dll (75150000 - 75163000)
mspatcha.dll (600A0000 - 600AB000)
wmisvc.dll (59490000 - 594B8000)
VSSAPI.DLL (753E0000 - 7544D000)
trkwks.dll (75070000 - 75089000)
srsvc.dll (751A0000 - 751CE000)
POWRPROF.dll (74AD0000 - 74AD8000)
browser.dll (76DA0000 - 76DB6000)
wscsvc.dll (4C0A0000 - 4C0B7000)
msi.dll (7D1E0000 - 7D49C000)
SXS.DLL (7E720000 - 7E7D0000)
ipnathlp.dll (66460000 - 664B5000)
AUTHZ.dll (776C0000 - 776D2000)
wbemcomn.dll (75290000 - 752C7000)
sfc.dll (76BB0000 - 76BB5000)
sfc_os.dll (76C60000 - 76C8A000)
wbemcore.dll (762C0000 - 76345000)
esscli.dll (75310000 - 7534F000)
FastProx.dll (75690000 - 75706000)
comsvcs.dll (76620000 - 7675C000)
colbact.DLL (75130000 - 75144000)
MTXCLU.DLL (750F0000 - 75103000)
WSOCK32.dll (71AD0000 - 71AD9000)
CLUSAPI.DLL (76D10000 - 76D22000)
RESUTILS.DLL (750B0000 - 750C2000)
wmiutils.dll (75020000 - 7503B000)
repdrvfs.dll (75200000 - 7522F000)
Apphelp.dll (77B40000 - 77B62000)
wmiprvsd.dll (3F1E0000 - 3F252000)
NCObjAPI.DLL (5F770000 - 5F77C000)
wbemess.dll (75390000 - 753D6000)
ncprov.dll (5F740000 - 5F74E000)
upnp.dll (76DE0000 - 76E04000)
SSDPAPI.dll (74F00000 - 74F0C000)
msxml3.dll (74980000 - 74AA3000)
winrnr.dll (76FB0000 - 76FB8000)
rasadhlp.dll (76FC0000 - 76FC6000)
dssenh.dll (68100000 - 68126000)
advpack.dll (65000000 - 6502E000)
rasmans.dll (7DF30000 - 7DF62000)
WINIPSEC.DLL (74370000 - 7437B000)
netcfgx.dll (755F0000 - 7568A000)
rastapi.dll (75880000 - 75891000)
unimdm.tsp (57CC0000 - 57CF6000)
uniplat.dll (72000000 - 72007000)
RASDLG.dll (768D0000 - 76974000)
kmddsp.tsp (57D40000 - 57D4B000)
ndptsp.tsp (57D20000 - 57D30000)
ipconf.tsp (57D50000 - 57D58000)
h323.tsp (57D70000 - 57DB6000)
hidphone.tsp (57D60000 - 57D6A000)
rasppp.dll (72240000 - 72277000)
ntlsapi.dll (724B0000 - 724B6000)
kerberos.dll (71CF0000 - 71D3C000)
RASQEC.DLL (72AE0000 - 72AF3000)
wups2.dll (50F00000 - 50F0D000)
mlang.dll (75CF0000 - 75D81000)
xmlprovi.dll (4CB90000 - 4CBA0000)

PID 1288 - C:\WINDOWS\system32\svchost.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
dnsrslvr.dll (76770000 - 7677D000)
DNSAPI.dll (76F20000 - 76F47000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
iphlpapi.dll (76D60000 - 76D79000)
rsaenh.dll (68000000 - 68036000)
mswsock.dll (71A50000 - 71A8F000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)

PID 1320 - C:\WINDOWS\system32\svchost.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)

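Added example, not part of the poster's log or of the scanner that produced it: a small parser for the per-process listing format used above (`PID n - path`, then `module (BASE - END)` lines, then `module:Export --[HOOKED]-- @ADDR by path` lines) that resolves every reported hook address into the module ranges of the same process. The check a practitioner actually wants from a report like this is not "is something hooked" but "where does the hook handler live": an address that falls inside a loaded, signed application-compatibility DLL is the shim engine working as designed, whereas an address backed by no loaded image at all is injected code. The sample log, the `APPCOMPAT_SHIMS` set, and the `example_unknown.dll` hook line are constructed for the demonstration and are not from the page.

```python
"""Resolve hook handler addresses against a process's loaded-module ranges.

Input format (as in the scanner output posted in this thread):
    PID <n> - <image path>
    <module> (<BASE> - <END>)
    <module>:<export> --[HOOKED]-- @<ADDR> by <path>
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PID_RE = re.compile(r"^PID (?P<pid>\d+) - (?P<image>.+)$")
MOD_RE = re.compile(r"^(?P<name>\S+)\s*\((?P<base>[0-9A-Fa-f]{8}) - (?P<end>[0-9A-Fa-f]{8})\)$")
HOOK_RE = re.compile(
    r"^(?P<target>\S+)\s*:(?P<export>\w+) --\[HOOKED\]-- @(?P<addr>[0-9A-Fa-f]{8}) by (?P<by>.+)$"
)

# Assumption: Windows application-compatibility shim DLLs that legitimately
# redirect GetProcAddress. Treat as benign only if the on-disk file is signed.
APPCOMPAT_SHIMS = {"shimeng.dll", "acgenral.dll", "aclayers.dll", "acspecfc.dll", "acxtrnal.dll"}

# Constructed sample (not a real capture) mimicking the scanner's format.
# The last hook line is a made-up handler address backed by no loaded module.
SAMPLE_LOG = r"""
PID 548 - C:\WINDOWS\Explorer.EXE
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
Explorer.EXE:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
USER32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
USER32.dll :MessageBoxA --[HOOKED]-- @00C3A010 by C:\WINDOWS\system32\example_unknown.dll
"""


@dataclass
class Module:
    name: str
    base: int
    end: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.end


@dataclass
class Finding:
    pid: int
    target: str
    export: str
    addr: int
    claimed: str            # basename of the module the scanner blames
    resolved: Optional[str]  # module whose range really holds addr, if any
    verdict: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse(text: str) -> Dict[int, Tuple[List[Module], List[dict]]]:
    """Group module lines and hook lines under the PID header that precedes them."""
    procs: Dict[int, Tuple[List[Module], List[dict]]] = {}
    pid = None
    for raw in text.splitlines():
        line = raw.strip()
        m = PID_RE.match(line)
        if m:
            pid = int(m.group("pid"))
            procs[pid] = ([], [])
            continue
        if pid is None:
            continue
        m = MOD_RE.match(line)
        if m:
            procs[pid][0].append(Module(m.group("name"), int(m.group("base"), 16), int(m.group("end"), 16)))
            continue
        m = HOOK_RE.match(line)
        if m:
            procs[pid][1].append(m.groupdict())
    return procs


def resolve(modules: List[Module], addr: int) -> Optional[Module]:
    hits = [mod for mod in modules if mod.contains(addr)]
    return hits[0] if hits else None


def analyze(text: str) -> List[Finding]:
    """Classify each hook by where its handler address actually resides."""
    findings: List[Finding] = []
    for pid, (modules, hooks) in parse(text).items():
        for h in hooks:
            addr = int(h["addr"], 16)
            claimed = basename(h["by"])
            mod = resolve(modules, addr)
            if mod is None:
                verdict = "unbacked"          # handler outside every loaded image: injected code
            elif mod.name.lower() != claimed:
                verdict = "mismatch"          # scanner's attribution disagrees with the address
            elif claimed in APPCOMPAT_SHIMS:
                verdict = "benign-appcompat"  # expected shim redirect; still verify the file signature
            else:
                verdict = "review"
            findings.append(Finding(pid, h["target"], h["export"], addr, claimed,
                                    mod.name if mod else None, verdict))
    return findings


def summarize(findings: List[Finding]) -> Dict[Tuple[int, int], int]:
    """Hooks per (pid, handler address): many exports sharing one address means one hooker."""
    counts: Dict[Tuple[int, int], int] = {}
    for f in findings:
        counts[(f.pid, f.addr)] = counts.get((f.pid, f.addr), 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"PID {f.pid} {f.target}:{f.export} @{f.addr:08X} -> {f.resolved} [{f.verdict}]")
```

Dozens of modules showing the same `GetProcAddress` handler address is one hooker patching every import table in the process, so collapse by address before reading the list; the verdicts worth chasing in a report like this are `unbacked` and `mismatch`, not a signed shim DLL resolving to itself.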

77 Re: Malware problems and Internet Redirecting on Sat Aug 07, 2010 7:39 pm

blink711


Member
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)
xpsp2res.dll (00630000 - 008F5000)
lmhsvc.dll (74C40000 - 74C46000)
iphlpapi.dll (76D60000 - 76D79000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
ssdpsrv.dll (765E0000 - 765F4000)
hnetcfg.dll (662B0000 - 66308000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
mswsock.dll (71A50000 - 71A8F000)
wshtcpip.dll (71A90000 - 71A98000)
DNSAPI.dll (76F20000 - 76F47000)
rasadhlp.dll (76FC0000 - 76FC6000)

PID 1556 - C:\WINDOWS\system32\spoolsv.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
msvcrt.dll (77C10000 - 77C68000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
SPOOLSS.DLL (742E0000 - 742F5000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
DNSAPI.dll (76F20000 - 76F47000)
iphlpapi.dll (76D60000 - 76D79000)
rasadhlp.dll (76FC0000 - 76FC6000)
localspl.dll (75BB0000 - 75C07000)
sfc_os.dll (76C60000 - 76C8A000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
winspool.drv (73000000 - 73026000)
netapi32.dll (5B860000 - 5B8B5000)
cnbjmon.dll (742A0000 - 742AE000)
hpzll5mu.dll (00980000 - 009A1000)
FXSMON.DLL (68F00000 - 68F09000)
FXSEVENT.dll (68F20000 - 68F31000)
pjlmon.dll (74280000 - 74287000)
tcpmon.dll (72400000 - 7240E000)
usbmon.dll (723F0000 - 723F7000)
hpzpp5mu.dll (00D90000 - 00DD9000)
filterpipelineprintproc.dll (3F420000 - 3F43B000)
mswsock.dll (71A50000 - 71A8F000)
winrnr.dll (76FB0000 - 76FB8000)
WLDAP32.dll (76F60000 - 76F8C000)
win32spl.dll (75C10000 - 75C34000)
NETRAP.dll (71C80000 - 71C87000)
NTDSAPI.dll (767A0000 - 767B3000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
xpsp2res.dll (01010000 - 012D5000)
inetpp.dll (74300000 - 74315000)

PID 1652 - C:\WINDOWS\system32\svchost.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)
xpsp2res.dll (00630000 - 008F5000)
webclnt.dll (5A6E0000 - 5A6F5000)
WININET.dll (3D930000 - 3DA16000)
Normaliz.dll (00940000 - 00949000)
urlmon.dll (78130000 - 78263000)
iertutil.dll (3DFD0000 - 3E1B8000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)

PID 1744 - C:\WINDOWS\system32\svchost.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
hpqddsvc.dll (10000000 - 10023000)
hpqddcmn.dll (3AF00000 - 3AF2D000)
SETUPAPI.dll (77920000 - 77A13000)
WINSPOOL.DRV (73000000 - 73026000)
MSVCP80.dll (7C420000 - 7C4A7000)
MSVCR80.dll (78130000 - 781CB000)
xpsp2res.dll (006B0000 - 00975000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
hpqcxs08.dll (14A00000 - 14A36000)
SHFOLDER.dll (76780000 - 76789000)
SXS.DLL (7E720000 - 7E7D0000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
msi.dll (7D1E0000 - 7D49C000)
hpocxi08.dll (14200000 - 1426C000)
hpqcob08.dll (144C0000 - 144E2000)

PID 1780 - C:\Program Files\Java\jre6\bin\jqs.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
WS2_32.dll (71AB0000 - 71AC7000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
msvcrt.dll (77C10000 - 77C68000)
WS2HELP.dll (71AA0000 - 71AA8000)
ole32.dll (774E0000 - 7761D000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
MSVCR71.dll (7C340000 - 7C396000)
IMM32.DLL (76390000 - 763AD000)
psapi.dll (76BF0000 - 76BFB000)
pdh.dll (74000000 - 74056000)
comdlg32.dll (763B0000 - 763F9000)
COMCTL32.dll (5D090000 - 5D12A000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
ODBC32.dll (74320000 - 7435D000)
odbcbcp.dll (711A0000 - 711A6000)
VERSION.dll (77C00000 - 77C08000)
OLEAUT32.dll (77120000 - 771AB000)
comctl32.dll (773D0000 - 774D3000)
odbcint.dll (007F0000 - 00807000)
mswsock.dll (71A50000 - 71A8F000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)
perfos.dll (5E760000 - 5E76A000)
perfdisk.dll (5E790000 - 5E799000)

PID 1880 - C:\WINDOWS\system32\svchost.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
wiaservc.dll (75AA0000 - 75AF5000)
CFGMGR32.dll (74AE0000 - 74AE7000)
setupapi.DLL (77920000 - 77A13000)
mscms.dll (73B30000 - 73B45000)
WINSPOOL.DRV (73000000 - 73026000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
xpsp2res.dll (00680000 - 00945000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
actxprxy.dll (71D40000 - 71D5B000)
sti.dll (73BA0000 - 73BB3000)

PID 1992 - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
imagehlp.dll (76C90000 - 76CB8000)
msvcrt.dll (77C10000 - 77C68000)
SHLWAPI.dll (77F60000 - 77FD6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
WINHTTP.dll (4D4F0000 - 4D549000)
SHELL32.dll (7C9C0000 - 7D1D7000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
uxtheme.dll (5AD70000 - 5ADA8000)
xpsp2res.dll (00AB0000 - 00D75000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
VERSION.dll (77C00000 - 77C08000)
SETUPAPI.dll (77920000 - 77A13000)
ws2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
mswsock.dll (71A50000 - 71A8F000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)
wintrust.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
schannel.dll (767F0000 - 76818000)
NETAPI32.dll (5B860000 - 5B8B5000)
USERENV.dll (769C0000 - 76A74000)
DNSAPI.dll (76F20000 - 76F47000)
rasadhlp.dll (76FC0000 - 76FC6000)
rsaenh.dll (68000000 - 68036000)
dssenh.dll (68100000 - 68126000)

PID 548 - C:\WINDOWS\Explorer.EXE
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
Explorer.EXE:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ShimEng.dll:
Base address: 5CB70000
Size: 00026000
Flags: 8000400C
Load count: 1
Name: Microsoft® Windows® Operating System
Prod. Version: 5.1.2600.5512
Company: Microsoft Corporation
File Version: 5.1.2600.5512 (xpsp.080413-2105)
Description: Shim Engine DLL
Location: C:\WINDOWS\system32\ShimEng.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ADVAPI32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ShimEng.dll:
Base address: 5CB70000
Size: 00026000
Flags: 8000400C
Load count: 1
Name: Microsoft® Windows® Operating System
Prod. Version: 5.1.2600.5512
Company: Microsoft Corporation
File Version: 5.1.2600.5512 (xpsp.080413-2105)
Description: Shim Engine DLL
Location: C:\WINDOWS\system32\ShimEng.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
RPCRT4.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
Secur32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
BROWSEUI.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
GDI32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
USER32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msvcrt.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ole32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
SHLWAPI.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
OLEAUT32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
SHDOCVW.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
CRYPT32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MSASN1.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
CRYPTUI.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
NETAPI32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
VERSION.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WININET.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
urlmon.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
iertutil.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WINTRUST.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
IMAGEHLP.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WLDAP32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
SHELL32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
UxTheme.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WINMM.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MSACM32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
USERENV.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
IMM32.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
comctl32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
comctl32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
apphelp.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msctfime.ime:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
CLBCATQ.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
cscui.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
CSCDLL.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
themeui.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ieframe.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msutb.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MSCTF.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
mshtml.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
PSAPI.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MLANG.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
IPHLPAPI.DLL:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WS2_32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WS2HELP.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
netman.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MPRAPI.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ACTIVEDS.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
adsldpc.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ATL.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
SETUPAPI.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
netshell.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
credui.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WTSAPI32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
eappcfg.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
RASAPI32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
rasman.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
TAPI32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WZCSAPI.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WZCSvc.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
DHCPCSVC.DLL:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
DNSAPI.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ESENT.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msi.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ntshrui.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
LINKINFO.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msimtf.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
gdiplus.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
dciman32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
webcheck.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
stobject.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
BatMeter.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
rsaenh.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
wdmaud.drv :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MPR.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ntlanman.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
NETUI0.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
davclnt.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
fxsst.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WINSPOOL.DRV:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
FXSAPI.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
NTMARTA.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msv1_0.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
SXS.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
wzcdlg.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WINHTTP.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
actxprxy.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
zipfldr.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
7-zip.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
mbamext.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
DUSER.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MSVCR80.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
BROWSEUI.dll (75F80000 - 7607D000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
msvcrt.dll (77C10000 - 77C68000)
ole32.dll (774E0000 - 7761D000)
SHLWAPI.dll (77F60000 - 77FD6000)
OLEAUT32.dll (77120000 - 771AB000)
SHDOCVW.dll (7E290000 - 7E403000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
CRYPTUI.dll (754D0000 - 75550000)
NETAPI32.dll (5B860000 - 5B8B5000)
VERSION.dll (77C00000 - 77C08000)
WININET.dll (3D930000 - 3DA16000)
Normaliz.dll (00400000 - 00409000)
urlmon.dll (78130000 - 78263000)
iertutil.dll (3DFD0000 - 3E1B8000)
WINTRUST.dll (76C30000 - 76C5E000)
IMAGEHLP.dll (76C90000 - 76CB8000)
WLDAP32.dll (76F60000 - 76F8C000)
SHELL32.dll (7C9C0000 - 7D1D7000)
UxTheme.dll (5AD70000 - 5ADA8000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
WINMM.dll (76B40000 - 76B6D000)
MSACM32.dll (77BE0000 - 77BF5000)
USERENV.dll (769C0000 - 76A74000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
apphelp.dll (77B40000 - 77B62000)
msctfime.ime (755C0000 - 755EE000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
cscui.dll (77A20000 - 77A74000)
CSCDLL.dll (76600000 - 7661D000)
themeui.dll (5BA60000 - 5BAD1000)
MSIMG32.dll (76380000 - 76385000)
xpsp2res.dll (01310000 - 015D5000)
ieframe.dll (3E1C0000 - 3EC54000)
msutb.dll (5FC10000 - 5FC43000)
MSCTF.dll (74720000 - 7476C000)
SAMLIB.dll (71BF0000 - 71C03000)
mshtml.dll (3CEA0000 - 3D450000)
msls31.dll (01880000 - 018A9000)
PSAPI.DLL (76BF0000 - 76BFB000)
MLANG.dll (75CF0000 - 75D81000)
IPHLPAPI.DLL (76D60000 - 76D79000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
netman.dll (77D00000 - 77D33000)
MPRAPI.dll (76D40000 - 76D58000)
ACTIVEDS.dll (77CC0000 - 77CF2000)
adsldpc.dll (76E10000 - 76E35000)
ATL.DLL (76B20000 - 76B31000)
rtutils.dll (76E80000 - 76E8E000)
SETUPAPI.dll (77920000 - 77A13000)
netshell.dll (76400000 - 765A5000)
credui.dll (76C00000 - 76C2E000)
dot3api.dll (478C0000 - 478CA000)
dot3dlg.dll (736D0000 - 736D6000)
OneX.DLL (5DCA0000 - 5DCC8000)
WTSAPI32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
eappcfg.dll (745B0000 - 745D2000)
MSVCP60.dll (76080000 - 760E5000)
eappprxy.dll (5DCD0000 - 5DCDE000)
RASAPI32.dll (76EE0000 - 76F1C000)
rasman.dll (76E90000 - 76EA2000)
TAPI32.dll (76EB0000 - 76EDF000)
WZCSAPI.DLL (73030000 - 73040000)
WZCSvc.DLL (7DB10000 - 7DB9C000)
WMI.dll (76D30000 - 76D34000)
DHCPCSVC.DLL (7D4B0000 - 7D4D2000)
DNSAPI.dll (76F20000 - 76F47000)
EapolQec.dll (72810000 - 7281B000)
QUtil.dll (726C0000 - 726D6000)
ESENT.dll (606B0000 - 607BD000)
sensapi.dll (722B0000 - 722B5000)
msi.dll (7D1E0000 - 7D49C000)
ntshrui.dll (76990000 - 769B5000)
LINKINFO.dll (76980000 - 76988000)
msimtf.dll (746F0000 - 7471A000)
gdiplus.dll (4EC50000 - 4EDFB000)
dciman32.dll (73BC0000 - 73BC6000)
webcheck.dll (03010000 - 0304D000)
stobject.dll (76280000 - 762A1000)
BatMeter.dll (74AF0000 - 74AFA000)
POWRPROF.dll (74AD0000 - 74AD8000)
rsaenh.dll (68000000 - 68036000)
wdmaud.drv (72D20000 - 72D29000)
msacm32.drv (72D10000 - 72D18000)
midimap.dll (77BD0000 - 77BD7000)
MPR.dll (71B20000 - 71B32000)
drprov.dll (75F60000 - 75F67000)
ntlanman.dll (71C10000 - 71C1E000)
NETUI0.dll (71CD0000 - 71CE7000)
NETUI1.dll (71C90000 - 71CD0000)
NETRAP.dll (71C80000 - 71C87000)
davclnt.dll (75F70000 - 75F7A000)
fxsst.dll (68DF0000 - 68E7D000)
WINSPOOL.DRV (73000000 - 73026000)
FXSAPI.dll (5A980000 - 5A9F2000)
NTMARTA.DLL (77690000 - 776B1000)
msv1_0.dll (77C70000 - 77C95000)
cryptdll.dll (76790000 - 7679C000)
SXS.DLL (7E720000 - 7E7D0000)
wzcdlg.dll (5DF10000 - 5DF70000)
WINHTTP.dll (4D4F0000 - 4D549000)
xpsp3res.dll (20000000 - 200AA000)
actxprxy.dll (71D40000 - 71D5B000)
zipfldr.dll (73380000 - 733D7000)
7-zip.dll (10000000 - 10014000)
mbamext.dll (01A90000 - 01AA8000)
browselc.dll (71600000 - 71612000)
DUSER.dll (6C1B0000 - 6C1FD000)
PDFShell.dll (04430000 - 0448B000)
MSVCR80.dll (044A0000 - 0453B000)

PID 620 - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
VERSION.dll (77C00000 - 77C08000)
WINMM.dll (76B40000 - 76B6D000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
PSAPI.DLL (76BF0000 - 76BFB000)
comdlg32.dll (763B0000 - 763F9000)
COMCTL32.dll (5D090000 - 5D12A000)
SHELL32.dll (7C9C0000 - 7D1D7000)
msvcrt.dll (77C10000 - 77C68000)
SHLWAPI.dll (77F60000 - 77FD6000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
uxtheme.dll (5AD70000 - 5ADA8000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
SynCOM.dll (10000000 - 10028000)
apphelp.dll (77B40000 - 77B62000)
msctfime.ime (755C0000 - 755EE000)
SynTPAPI.dll (63010000 - 63036000)
MSCTF.dll (74720000 - 7476C000)

PID 632 - C:\WINDOWS\RTHDCPL.EXE
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
DSOUND.DLL (73F10000 - 73F6C000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
msvcrt.dll (77C10000 - 77C68000)
ole32.dll (774E0000 - 7761D000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
VERSION.dll (77C00000 - 77C08000)
WINMM.dll (76B40000 - 76B6D000)
HHCTRL.OCX (7E4B0000 - 7E539000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
COMCTL32.dll (5D090000 - 5D12A000)
OLEAUT32.dll (77120000 - 771AB000)
SETUPAPI.DLL (77920000 - 77A13000)
MPR.DLL (71B20000 - 71B32000)
WINSPOOL.DRV (73000000 - 73026000)
COMDLG32.DLL (763B0000 - 763F9000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
[i] Unable to load module C:\WINDOWS\RTHDCPL.EXE for checking.
uxtheme.dll (5AD70000 - 5ADA8000)
msctfime.ime (755C0000 - 755EE000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
wdmaud.drv (72D20000 - 72D29000)
msacm32.drv (72D10000 - 72D18000)
MSACM32.dll (77BE0000 - 77BF5000)
midimap.dll (77BD0000 - 77BD7000)
KsUser.dll (73EE0000 - 73EE4000)
MSCTF.dll (74720000 - 7476C000)

PID 1424 - C:\WINDOWS\system32\hkcmd.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
hccutils.DLL (10000000 - 1001A000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
uxtheme.dll (5AD70000 - 5ADA8000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
VERSION.dll (77C00000 - 77C08000)
xpsp2res.dll (00960000 - 00C25000)
igfxsrvc.dll (00F30000 - 00F41000)
msctfime.ime (755C0000 - 755EE000)
igfxres.dll (00F70000 - 00F9A000)
MSCTF.dll (74720000 - 7476C000)

PID 1432 - C:\WINDOWS\system32\igfxpers.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
IMM32.DLL (76390000 - 763AD000)
uxtheme.dll (5AD70000 - 5ADA8000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
VERSION.dll (77C00000 - 77C08000)
xpsp2res.dll (00910000 - 00BD5000)
igfxsrvc.dll (10000000 - 10011000)
msctfime.ime (755C0000 - 755EE000)
MSCTF.dll (74720000 - 7476C000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)

PID 1456 - C:\Program Files\Common Files\Java\Java Update\jusched.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
WININET.dll (3D930000 - 3DA16000)
msvcrt.dll (77C10000 - 77C68000)
SHLWAPI.dll (77F60000 - 77FD6000)
Normaliz.dll (00350000 - 00359000)
urlmon.dll (78130000 - 78263000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
iertutil.dll (3DFD0000 - 3E1B8000)
SHELL32.dll (7C9C0000 - 7D1D7000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
uxtheme.dll (5AD70000 - 5ADA8000)

PID 1600 - C:\WINDOWS\system32\igfxsrvc.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
IMM32.DLL (76390000 - 763AD000)
uxtheme.dll (5AD70000 - 5ADA8000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
VERSION.dll (77C00000 - 77C08000)
xpsp2res.dll (00A20000 - 00CE5000)
igfxsrvc.dll (10000000 - 10011000)
igfxdev.dll (00FF0000 - 01026000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)
MSCTF.dll (74720000 - 7476C000)

PID 1604 - C:\Program Files\Battery Meter\BTMeter.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
COMDLG32.dll (763B0000 - 763F9000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
COMCTL32.dll (773D0000 - 774D3000)
msvcrt.dll (77C10000 - 77C68000)
SHLWAPI.dll (77F60000 - 77FD6000)
SHELL32.dll (7C9C0000 - 7D1D7000)
WINSPOOL.DRV (73000000 - 73026000)
oledlg.dll (7DF70000 - 7DF92000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
SETUPAPI.dll (77920000 - 77A13000)
EMSC.dll (10000000 - 10044000)
IMM32.DLL (76390000 - 763AD000)
uxtheme.dll (5AD70000 - 5ADA8000)
apphelp.dll (77B40000 - 77B62000)
msctfime.ime (755C0000 - 755EE000)
MSCTF.dll (74720000 - 7476C000)

PID 1680 - C:\Program Files\Wireless Select Switch\WLSS.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
WTSAPI32.dll (76F50000 - 76F58000)
msvcrt.dll (77C10000 - 77C68000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
COMDLG32.dll (763B0000 - 763F9000)
COMCTL32.dll (5D090000 - 5D12A000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
WINSPOOL.DRV (73000000 - 73026000)
oledlg.dll (7DF70000 - 7DF92000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
uxtheme.dll (5AD70000 - 5ADA8000)
apphelp.dll (77B40000 - 77B62000)
msctfime.ime (755C0000 - 755EE000)
EMSC.dll (10000000 - 10044000)
MSCTF.dll (74720000 - 7476C000)

PID 1372 - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
SHELL32.dll (7C9C0000 - 7D1D7000)
msvcrt.dll (77C10000 - 77C68000)
SHLWAPI.dll (77F60000 - 77FD6000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
uxtheme.dll (5AD70000 - 5ADA8000)
apphelp.dll (77B40000 - 77B62000)
msctfime.ime (755C0000 - 755EE000)
ole32.dll (774E0000 - 7761D000)
MSCTF.dll (74720000 - 7476C000)
netapi32.dll (5B860000 - 5B8B5000)
SETUPAPI.dll (77920000 - 77A13000)

PID 368 - C:\WINDOWS\system32\ctfmon.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
msvcrt.dll (77C10000 - 77C68000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
MSCTF.dll (74720000 - 7476C000)
MSUTB.dll (5FC10000 - 5FC43000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
msctfime.ime (755C0000 - 755EE000)

PID 2596 - C:\WINDOWS\System32\alg.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
msvcrt.dll (77C10000 - 77C68000)
ATL.DLL (76B20000 - 76B31000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
WSOCK32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
MSWSOCK.DLL (71A50000 - 71A8F000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
WINMM.dll (76B40000 - 76B6D000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
xpsp2res.dll (00740000 - 00A05000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)

PID 2804 - C:\WINDOWS\system32\wscntfy.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
msvcrt.dll (77C10000 - 77C68000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
SHELL32.dll (7C9C0000 - 7D1D7000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
SHLWAPI.dll (77F60000 - 77FD6000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
xpsp2res.dll (007C0000 - 00A85000)
uxtheme.dll (5AD70000 - 5ADA8000)
MSCTF.dll (74720000 - 7476C000)
msctfime.ime (755C0000 - 755EE000)
ole32.dll (774E0000 - 7761D000)

PID 3080 - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
Cannot read memory @00002436: 8000000D
hpqstp08.rsc:SetUnhandledExceptionFilter--[HOOKED]-- @00002436
Cannot read memory @0000241A: 8000000D
hpqstp08.rsc:UnhandledExceptionFilter --[HOOKED]-- @0000241A
Cannot read memory @00002406: 8000000D
hpqstp08.rsc:GetCurrentProcess --[HOOKED]-- @00002406
Cannot read memory @000023F2: 8000000D
hpqstp08.rsc:TerminateProcess --[HOOKED]-- @000023F2
Cannot read memory @000023D8: 8000000D
hpqstp08.rsc:GetSystemTimeAsFileTime --[HOOKED]-- @000023D8
Cannot read memory @000023C2: 8000000D
hpqstp08.rsc:GetCurrentProcessId --[HOOKED]-- @000023C2
Cannot read memory @000023AC: 8000000D
hpqstp08.rsc:GetCurrentThreadId --[HOOKED]-- @000023AC
Cannot read memory @0000239C: 8000000D
hpqstp08.rsc:GetTickCount --[HOOKED]-- @0000239C
Cannot read memory @00002382: 8000000D
hpqstp08.rsc:QueryPerformanceCounter --[HOOKED]-- @00002382
Cannot read memory @00002364: 8000000D
hpqstp08.rsc:InterlockedCompareExchange--[HOOKED]-- @00002364
Cannot read memory @0000235C: 8000000D
hpqstp08.rsc:Sleep --[HOOKED]-- @0000235C
Cannot read memory @00002346: 8000000D
hpqstp08.rsc:InterlockedExchange --[HOOKED]-- @00002346
Cannot read memory @00002454: 8000000D
hpqstp08.rsc:IsDebuggerPresent --[HOOKED]-- @00002454
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINSPOOL.DRV (73000000 - 73026000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
msvcrt.dll (77C10000 - 77C68000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
ATL80.DLL (7C630000 - 7C64B000)
MSVCR80.dll (78130000 - 781CB000)
Cannot read memory @00002300: 8000000D
hpqstp08.rsc:_onexit --[HOOKED]-- @00002300
Cannot read memory @000022F8: 8000000D
hpqstp08.rsc:_lock --[HOOKED]-- @000022F8
Cannot read memory @00002330: 8000000D
hpqstp08.rsc:_crt_debugger_hook --[HOOKED]-- @00002330
Cannot read memory @000022EA: 8000000D
hpqstp08.rsc:__dllonexit --[HOOKED]-- @000022EA
Cannot read memory @000022E0: 8000000D
hpqstp08.rsc:_unlock --[HOOKED]-- @000022E0
Cannot read memory @000022BC: 8000000D
hpqstp08.rsc:__clean_type_info_names_internal--[HOOKED]-- @000022BC
Cannot read memory @000022AA: 8000000D
hpqstp08.rsc:__CppXcptFilter --[HOOKED]-- @000022AA
Cannot read memory @0000229A: 8000000D
hpqstp08.rsc:_adjust_fdiv --[HOOKED]-- @0000229A
Cannot read memory @0000228C: 8000000D
hpqstp08.rsc:_amsg_exit --[HOOKED]-- @0000228C
Cannot read memory @0000227E: 8000000D
hpqstp08.rsc:_initterm_e --[HOOKED]-- @0000227E
Cannot read memory @00002272: 8000000D
hpqstp08.rsc:_initterm --[HOOKED]-- @00002272
Cannot read memory @00002260: 8000000D
hpqstp08.rsc:_decode_pointer --[HOOKED]-- @00002260
Cannot read memory @00002250: 8000000D
hpqstp08.rsc:_encoded_null --[HOOKED]-- @00002250
Cannot read memory @00002248: 8000000D
hpqstp08.rsc:free --[HOOKED]-- @00002248
Cannot read memory @0000223A: 8000000D
hpqstp08.rsc:_malloc_crt --[HOOKED]-- @0000223A
Cannot read memory @00002316: 8000000D
hpqstp08.rsc:_except_handler4_common --[HOOKED]-- @00002316
Cannot read memory @00002228: 8000000D
hpqstp08.rsc:_encode_pointer --[HOOKED]-- @00002228
MSVCP80.dll (7C420000 - 7C4A7000)
IMM32.DLL (76390000 - 763AD000)
uxtheme.dll (5AD70000 - 5ADA8000)
MSCTF.dll (74720000 - 7476C000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
VERSION.dll (77C00000 - 77C08000)
msi.dll (7D1E0000 - 7D49C000)
xpsp2res.dll (00960000 - 00C25000)
SXS.DLL (7E720000 - 7E7D0000)
apphelp.dll (77B40000 - 77B62000)
msctfime.ime (755C0000 - 755EE000)
hpqcob08.dll (144C0000 - 144E2000)
hpqwso08.dll (10000000 - 1007B000)
SETUPAPI.dll (77920000 - 77A13000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)
cfgmgr32.dll (74AE0000 - 74AE7000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
hpqsti08.dll (17000000 - 17040000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
hpqgpb01.dll (011B0000 - 011C0000)
USERENV.dll (769C0000 - 76A74000)
hpqstp08.dll (17200000 - 17237000)
hpqstp08.rsc (011E0000 - 011E7000)
hpqssm08.dll (011F0000 - 01216000)
hpqtap08.dll (01240000 - 01250000)
MFC80.DLL (781D0000 - 782DD000)
MFC80ENU.DLL (5D360000 - 5D36E000)
hpodio08.dll (01410000 - 0150B000)
WSOCK32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
WTSAPI32.DLL (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
hpqsem08.rsc (01570000 - 01652000)
hpzipr12.dll (01670000 - 0167B000)
HpqSplh08.dll (01690000 - 016A2000)

PID 3160 - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
COMCTL32.dll (773D0000 - 774D3000)
msvcrt.dll (77C10000 - 77C68000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
SHLWAPI.dll (77F60000 - 77FD6000)
WINMM.dll (76B40000 - 76B6D000)
MSIMG32.dll (76380000 - 76385000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
MSVCP80.dll (7C420000 - 7C4A7000)
MSVCR80.dll (78130000 - 781CB000)
IMM32.DLL (76390000 - 763AD000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
VERSION.dll (77C00000 - 77C08000)
msi.dll (7D1E0000 - 7D49C000)
xpsp2res.dll (00A00000 - 00CC5000)
uxtheme.dll (5AD70000 - 5ADA8000)
SXS.DLL (7E720000 - 7E7D0000)
MSCTF.dll (74720000 - 7476C000)
apphelp.dll (77B40000 - 77B62000)
msctfime.ime (755C0000 - 755EE000)

PID 3208 - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
MSVCR80.dll (78130000 - 781CB000)
msvcrt.dll (77C10000 - 77C68000)
MFC80U.DLL (782E0000 - 783EC000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
SHLWAPI.dll (77F60000 - 77FD6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
SHELL32.dll (7C9C0000 - 7D1D7000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
ATL80.DLL (7C630000 - 7C64B000)
IMM32.DLL (76390000 - 763AD000)
MFC80ENU.DLL (5D360000 - 5D36E000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
uxtheme.dll (5AD70000 - 5ADA8000)
MSCTF.dll (74720000 - 7476C000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
VERSION.dll (77C00000 - 77C08000)
msi.dll (7D1E0000 - 7D49C000)
xpsp2res.dll (00A40000 - 00D05000)
SXS.DLL (7E720000 - 7E7D0000)
jscript.dll (3D7A0000 - 3D854000)
USERENV.dll (769C0000 - 76A74000)

PID 2816 - C:\Program Files\internet explorer\iexplore.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
iexplore.exe:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ShimEng.dll:
Base address: 5CB70000
Size: 00026000
Flags: 8000400C
Load count: 1
Name: Microsoft® Windows® Operating System
Prod. Version: 5.1.2600.5512
Company: Microsoft Corporation
File Version: 5.1.2600.5512 (xpsp.080413-2105)
Description: Shim Engine DLL
Location: C:\WINDOWS\system32\ShimEng.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
iexplore.exe:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\AppPatch\AcLayers.DLL:
Base address: 71590000
Size: 00079000
Flags: 80084004
Load count: 1
Name: Microsoft® Windows® Operating System
Prod. Version: 5.1.2600.5906
Company: Microsoft Corporation
File Version: 5.1.2600.5906 (xpsp_sp3_gdr.091120-1307)
Description: Windows Compatibility DLL
Location: C:\WINDOWS\AppPatch\AcLayers.DLL
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
iexplore.exe:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\AppPatch\AcLayers.DLL:
Base address: 71590000
Size: 00079000
Flags: 80084004
Load count: 1
Name: Microsoft® Windows® Operating System
Prod. Version: 5.1.2600.5906
Company: Microsoft Corporation
File Version: 5.1.2600.5906 (xpsp_sp3_gdr.091120-1307)
Description: Windows Compatibility DLL
Location: C:\WINDOWS\AppPatch\AcLayers.DLL
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
iexplore.exe:LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL

78 Re: Malware problems and Internet Redirecting on Sat Aug 07, 2010 7:39 pm

blink711


Member
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\AppPatch\AcLayers.DLL:
Base address: 71590000
Size: 00079000
Flags: 80084004
Load count: 1
Name: Microsoft® Windows® Operating System
Prod. Version: 5.1.2600.5906
Company: Microsoft Corporation
File Version: 5.1.2600.5906 (xpsp_sp3_gdr.091120-1307)
Description: Windows Compatibility DLL
Location: C:\WINDOWS\AppPatch\AcLayers.DLL
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ADVAPI32.dll:LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
ADVAPI32.dll:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
ADVAPI32.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
ADVAPI32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
RPCRT4.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
RPCRT4.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
RPCRT4.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
Secur32.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
Secur32.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
Secur32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
USER32.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
USER32.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
USER32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
USER32.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
GDI32.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
GDI32.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
GDI32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
GDI32.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
msvcrt.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msvcrt.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
SHLWAPI.dll :LoadLibraryExA --[HOOKED]-- @715B9F5D by C:\WINDOWS\AppPatch\AcLayers.DLL
SHLWAPI.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
SHLWAPI.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
SHLWAPI.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
SHLWAPI.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
SHELL32.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
SHELL32.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
SHELL32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
SHELL32.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
SHELL32.dll :LoadLibraryExA --[HOOKED]-- @715B9F5D by C:\WINDOWS\AppPatch\AcLayers.DLL
ole32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ole32.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
ole32.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
ole32.dll :LoadLibraryExW --[HOOKED]-- @451F1ACB by C:\Program Files\internet explorer\xpshims.dll
ole32.dll :LoadLibraryExA --[HOOKED]-- @715B9F5D by C:\WINDOWS\AppPatch\AcLayers.DLL
iertutil.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
iertutil.dll:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
iertutil.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
urlmon.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
urlmon.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
urlmon.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
urlmon.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
urlmon.dll :LoadLibraryExA --[HOOKED]-- @715B9F5D by C:\WINDOWS\AppPatch\AcLayers.DLL
OLEAUT32.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
OLEAUT32.dll:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
OLEAUT32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
USERENV.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
USERENV.dll :LoadLibraryExA --[HOOKED]-- @715B9F5D by C:\WINDOWS\AppPatch\AcLayers.DLL
USERENV.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
USERENV.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
WINSPOOL.DRV:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WINSPOOL.DRV:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
WINSPOOL.DRV:LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
WINSPOOL.DRV:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
IMM32.DLL :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
IMM32.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
comctl32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
comctl32.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
comctl32.dll:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
comctl32.dll:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
comctl32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
comctl32.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
IEFRAME.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
IEFRAME.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
IEFRAME.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
IEFRAME.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WININET.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
WININET.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
WININET.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WININET.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
ws2_32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ws2_32.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
WS2HELP.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
WS2HELP.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
VERSION.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
VERSION.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
VERSION.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
mswsock.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
mswsock.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
mswsock.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
DNSAPI.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
DNSAPI.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
DNSAPI.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
comdlg32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
comdlg32.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
comdlg32.dll:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
xpshims.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
xpshims.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
uxtheme.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
uxtheme.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
uxtheme.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
MSCTF.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
MSCTF.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
MSCTF.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MSCTF.dll :LoadLibraryExA --[HOOKED]-- @715B9F5D by C:\WINDOWS\AppPatch\AcLayers.DLL
appHelp.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
appHelp.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
appHelp.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
CLBCATQ.DLL :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
CLBCATQ.DLL :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
CLBCATQ.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
RASAPI32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
RASAPI32.dll:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
RASAPI32.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
rasman.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
rasman.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
rasman.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
NETAPI32.dll:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
NETAPI32.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
NETAPI32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
TAPI32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
TAPI32.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
rtutils.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
rtutils.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
WINMM.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
WINMM.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
WINMM.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WINMM.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
msctfime.ime:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msctfime.ime:LoadLibraryExA --[HOOKED]-- @715B9F5D by C:\WINDOWS\AppPatch\AcLayers.DLL
msctfime.ime:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
msctfime.ime:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
IEUI.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
IEUI.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msimtf.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msimtf.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
msv1_0.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
msv1_0.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
msv1_0.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
iphlpapi.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
iphlpapi.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
SETUPAPI.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
SETUPAPI.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
SETUPAPI.dll:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
oleacc.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
oleacc.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
oleacc.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
msfeeds.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msfeeds.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
msfeeds.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
hnetcfg.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
hnetcfg.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
hnetcfg.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
hnetcfg.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
MLANG.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
MLANG.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MLANG.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
rasadhlp.dll:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
rasadhlp.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
SXS.DLL :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
SXS.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
SXS.DLL :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
SXS.DLL :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
actxprxy.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
actxprxy.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
USP10.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
USP10.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
mshtml.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
mshtml.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
mshtml.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
mshtml.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
mshtml.dll :LoadLibraryExA --[HOOKED]-- @715B9F5D by C:\WINDOWS\AppPatch\AcLayers.DLL
PSAPI.DLL :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
PSAPI.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ieapfltr.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
ieapfltr.dll:LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
ieapfltr.dll:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
ieapfltr.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
CRYPT32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
CRYPT32.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
CRYPT32.dll :LoadLibraryExA --[HOOKED]-- @715B9F5D by C:\WINDOWS\AppPatch\AcLayers.DLL
CRYPT32.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
MSASN1.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
MSASN1.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
jscript.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
jscript.dll :LoadLibraryExA --[HOOKED]-- @715B9F5D by C:\WINDOWS\AppPatch\AcLayers.DLL
jscript.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
Flash10e.ocx:LoadLibraryExA --[HOOKED]-- @715B9F5D by C:\WINDOWS\AppPatch\AcLayers.DLL
Flash10e.ocx:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
Flash10e.ocx:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
mscms.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
mscms.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
wdmaud.drv :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
wdmaud.drv :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
WINTRUST.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WINTRUST.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
WINTRUST.dll:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
IMAGEHLP.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
IMAGEHLP.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
MSACM32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
iepeers.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
iepeers.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
iepeers.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
iepeers.dll :LoadLibraryExA --[HOOKED]-- @715B9F5D by C:\WINDOWS\AppPatch\AcLayers.DLL
iepeers.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
pdm.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
pdm.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
pdm.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
pdm.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
msdbg2.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
msdbg2.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
Dxtrans.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
Dxtrans.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ATL.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ATL.DLL :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
ATL.DLL :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
ATL.DLL :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
ddrawex.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
ddrawex.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
DDRAW.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
DDRAW.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
DCIMAN32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
Dxtmsft.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
schannel.dll:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
schannel.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
schannel.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
rsaenh.dll :LoadLibraryExA --[HOOKED]-- @715B9F5D by C:\WINDOWS\AppPatch\AcLayers.DLL
rsaenh.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
rsaenh.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msxml3.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msxml3.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
msxml3.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
msxml3.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
LangWrbk.dll:LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
LangWrbk.dll:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
LangWrbk.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
vbscript.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
vbscript.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
vbscript.dll:LoadLibraryExA --[HOOKED]-- @715B9F5D by C:\WINDOWS\AppPatch\AcLayers.DLL
vbscript.dll:LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
gdiplus.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
gdiplus.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
gdiplus.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
dssenh.dll :LoadLibraryExA --[HOOKED]-- @715B9F5D by C:\WINDOWS\AppPatch\AcLayers.DLL
dssenh.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
dssenh.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
cryptnet.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
cryptnet.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
cryptnet.dll:LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
cryptnet.dll:LoadLibraryExA --[HOOKED]-- @715B9F5D by C:\WINDOWS\AppPatch\AcLayers.DLL
WINHTTP.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
WINHTTP.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WINHTTP.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
WLDAP32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WLDAP32.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
D3DIM700.DLL:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
D3DIM700.DLL:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
PDFShell.dll:LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
PDFShell.dll:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
MSVCR80.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MSVCR80.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
MSVCR80.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
msxml6.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msxml6.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
msxml6.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
msxml6.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
netman.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
netman.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
netman.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
netman.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
MPRAPI.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MPRAPI.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
ACTIVEDS.dll:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
ACTIVEDS.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
adsldpc.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
adsldpc.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
netshell.dll:LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
netshell.dll:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
netshell.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
netshell.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
credui.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
credui.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
credui.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
WTSAPI32.dll:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
WTSAPI32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
eappcfg.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
eappcfg.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
WZCSAPI.DLL :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
WZCSAPI.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WZCSAPI.DLL :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
WZCSvc.DLL :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
WZCSvc.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WZCSvc.DLL :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
DHCPCSVC.DLL:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
DHCPCSVC.DLL:LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
DHCPCSVC.DLL:LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
QUtil.dll :LoadLibraryExW --[HOOKED]-- @715BA16B by C:\WINDOWS\AppPatch\AcLayers.DLL
ESENT.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ESENT.dll :LoadLibraryA --[HOOKED]-- @715B9E59 by C:\WINDOWS\AppPatch\AcLayers.DLL
ntshrui.dll :LoadLibraryExA --[HOOKED]-- @715B9F5D by C:\WINDOWS\AppPatch\AcLayers.DLL
ntshrui.dll :LoadLibraryW --[HOOKED]-- @715BA067 by C:\WINDOWS\AppPatch\AcLayers.DLL
ntshrui.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
USER32.dll (7E410000 - 7E4A1000)
The code of CreateWindowExW at 7E42D0A3 (0) got patched. Here is the diff:
Address New-Original
7E42D0A3: E9 - 8B
7E42D0A4: 74 - FF
7E42D0A5: 0A - 55
7E42D0A6: EC - 8B
7E42D0A7: BF - EC
--> JMP DWORD PTR DS:[3E2EDB1C]
Disassembly old code:
7E42D0A3: 8BFF MOV EDI, EDI
7E42D0A5: 55 PUSH EBP
7E42D0A6: 8BEC MOV EBP, ESP

Disassembly new code:
7E42D0A3: E9 740AECBF JMP 3E2EDB1C
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of DialogBoxIndirectParamA at 7E456D7D (0) got patched. Here is the diff:
Address New-Original
7E456D7D: E9 - 8B
7E456D7E: F0 - FF
7E456D7F: DA - 55
7E456D80: F8 - 8B
7E456D81: BF - EC
--> JMP DWORD PTR DS:[3E3E4872]
Disassembly old code:
7E456D7D: 8BFF MOV EDI, EDI
7E456D7F: 55 PUSH EBP
7E456D80: 8BEC MOV EBP, ESP

Disassembly new code:
7E456D7D: E9 F0DAF8BF JMP 3E3E4872
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of DialogBoxIndirectParamW at 7E432072 (0) got patched. Here is the diff:
Address New-Original
7E432072: E9 - 8B
7E432073: 98 - FF
7E432074: 27 - 55
7E432075: FB - 8B
7E432076: BF - EC
--> JMP DWORD PTR DS:[3E3E480F]
Disassembly old code:
7E432072: 8BFF MOV EDI, EDI
7E432074: 55 PUSH EBP
7E432075: 8BEC MOV EBP, ESP

Disassembly new code:
7E432072: E9 9827FBBF JMP 3E3E480F
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of DialogBoxParamA at 7E43B144 (0) got patched. Here is the diff:
Address New-Original
7E43B144: E9 - 8B
7E43B145: 63 - FF
7E43B146: 96 - 55
7E43B147: FA - 8B
7E43B148: BF - EC
--> JMP DWORD PTR DS:[3E3E47AC]
Disassembly old code:
7E43B144: 8BFF MOV EDI, EDI
7E43B146: 55 PUSH EBP
7E43B147: 8BEC MOV EBP, ESP

Disassembly new code:
7E43B144: E9 6396FABF JMP 3E3E47AC
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of DialogBoxParamW at 7E4247AB (0) got patched. Here is the diff:
Address New-Original
7E4247AB: E9 - 8B
7E4247AC: 15 - FF
7E4247AD: 0D - 55
7E4247AE: DF - 8B
7E4247AF: BF - EC
--> JMP DWORD PTR DS:[3E2154C5]
Disassembly old code:
7E4247AB: 8BFF MOV EDI, EDI
7E4247AD: 55 PUSH EBP
7E4247AE: 8BEC MOV EBP, ESP

Disassembly new code:
7E4247AB: E9 150DDFBF JMP 3E2154C5
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of MessageBoxExA at 7E45085C (0) got patched. Here is the diff:
Address New-Original
7E45085C: E9 - 8B
7E45085D: 13 - FF
7E45085E: 3E - 55
7E45085F: F9 - 8B
7E450860: BF - EC
--> JMP DWORD PTR DS:[3E3E4674]
Disassembly old code:
7E45085C: 8BFF MOV EDI, EDI
7E45085E: 55 PUSH EBP
7E45085F: 8BEC MOV EBP, ESP

Disassembly new code:
7E45085C: E9 133EF9BF JMP 3E3E4674
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of MessageBoxExW at 7E450838 (0) got patched. Here is the diff:
Address New-Original
7E450838: E9 - 8B
7E450839: D5 - FF
7E45083A: 3D - 55
7E45083B: F9 - 8B
7E45083C: BF - EC
--> JMP DWORD PTR DS:[3E3E4612]
Disassembly old code:
7E450838: 8BFF MOV EDI, EDI
7E45083A: 55 PUSH EBP
7E45083B: 8BEC MOV EBP, ESP

Disassembly new code:
7E450838: E9 D53DF9BF JMP 3E3E4612
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of MessageBoxIndirectA at 7E43A082 (0) got patched. Here is the diff:
Address New-Original
7E43A082: E9 - 8B
7E43A083: BA - FF
7E43A084: A6 - 55
7E43A085: FA - 8B
7E43A086: BF - EC
--> JMP DWORD PTR DS:[3E3E4741]
Disassembly old code:
7E43A082: 8BFF MOV EDI, EDI
7E43A084: 55 PUSH EBP
7E43A085: 8BEC MOV EBP, ESP

Disassembly new code:
7E43A082: E9 BAA6FABF JMP 3E3E4741
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of MessageBoxIndirectW at 7E4664D5 (0) got patched. Here is the diff:
Address New-Original
7E4664D5: E9 - 8B
7E4664D6: FC - FF
7E4664D7: E1 - 55
7E4664D8: F7 - 8B
7E4664D9: BF - EC
--> JMP DWORD PTR DS:[3E3E46D6]
Disassembly old code:
7E4664D5: 8BFF MOV EDI, EDI
7E4664D7: 55 PUSH EBP
7E4664D8: 8BEC MOV EBP, ESP

Disassembly new code:
7E4664D5: E9 FCE1F7BF JMP 3E3E46D6
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
GDI32.dll (77F10000 - 77F59000)
msvcrt.dll (77C10000 - 77C68000)
SHLWAPI.dll (77F60000 - 77FD6000)
SHELL32.dll (7C9C0000 - 7D1D7000)
ole32.dll (774E0000 - 7761D000)
The code of OleLoadFromStream at 77529C85 (0) got patched. Here is the diff:
Address New-Original
77529C85: E9 - 8B
77529C86: ED - FF
77529C87: AE - 55
77529C88: EB - 8B
77529C89: C6 - EC
--> JMP DWORD PTR DS:[3E3E4B77]
Disassembly old code:
77529C85: 8BFF MOV EDI, EDI
77529C87: 55 PUSH EBP
77529C88: 8BEC MOV EBP, ESP

Disassembly new code:
77529C85: E9 EDAEEBC6 JMP 3E3E4B77
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
iertutil.dll (3DFD0000 - 3E1B8000)
urlmon.dll (78130000 - 78263000)
OLEAUT32.dll (77120000 - 771AB000)
The code of OleCreatePropertyFrameIndirect at 77187D28 (0) got patched. Here is the diff:
Address New-Original
77187D28: E9 - 8B
77187D29: C1 - FF
77187D2A: D6 - 55
77187D2B: 25 - 8B
77187D2C: C7 - EC
--> JMP DWORD PTR DS:[3E3E53EE]
Disassembly old code:
77187D28: 8BFF MOV EDI, EDI
77187D2A: 55 PUSH EBP
77187D2B: 8BEC MOV EBP, ESP

Disassembly new code:
77187D28: E9 C1D625C7 JMP 3E3E53EE
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of SysAllocStringByteLen at 77124C35 (0) got patched. Here is the diff:
Address New-Original
77124C35: E9 - 8B
77124C36: E5 - FF
77124C37: 0A - 55
77124C38: 2C - 8B
77124C39: C7 - EC
--> JMP DWORD PTR DS:[3E3E571F]
Disassembly old code:
77124C35: 8BFF MOV EDI, EDI
77124C37: 55 PUSH EBP
77124C38: 8BEC MOV EBP, ESP

Disassembly new code:
77124C35: E9 E50A2CC7 JMP 3E3E571F
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of SysFreeString at 77124880 (0) got patched. Here is the diff:
Address New-Original
77124880: E9 - 8B
77124881: 5A - FF
77124882: 03 - 55
77124883: 2C - 8B
77124884: C7 - EC
--> JMP DWORD PTR DS:[3E3E4BDF]
Disassembly old code:
77124880: 8BFF MOV EDI, EDI
77124882: 55 PUSH EBP
77124883: 8BEC MOV EBP, ESP

Disassembly new code:
77124880: E9 5A032CC7 JMP 3E3E4BDF
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of VariantChangeType at 77126BBB (0) got patched. Here is the diff:
Address New-Original
77126BBB: E9 - 8B
77126BBC: AA - FF
77126BBD: EB - 55
77126BBE: 2B - 8B
77126BBF: C7 - EC
--> JMP DWORD PTR DS:[3E3E576A]
Disassembly old code:
77126BBB: 8BFF MOV EDI, EDI
77126BBD: 55 PUSH EBP
77126BBE: 8BEC MOV EBP, ESP

Disassembly new code:
77126BBB: E9 AAEB2BC7 JMP 3E3E576A
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of VariantClear at 771248F0 (0) got patched. Here is the diff:
Address New-Original
771248F0: E9 - 8B
771248F1: C4 - FF
771248F2: 0E - 55
771248F3: 2C - 8B
771248F4: C7 - EC
--> JMP DWORD PTR DS:[3E3E57B9]
Disassembly old code:
771248F0: 8BFF MOV EDI, EDI
771248F2: 55 PUSH EBP
771248F3: 8BEC MOV EBP, ESP

Disassembly new code:
771248F0: E9 C40E2CC7 JMP 3E3E57B9
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ShimEng.dll (5CB70000 - 5CB96000)
AcLayers.DLL (71590000 - 71609000)
USERENV.dll (769C0000 - 76A74000)
WINSPOOL.DRV (73000000 - 73026000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
The code of PropertySheet at 773DCF5D (0) got patched. Here is the diff:
Address New-Original
773DCF5D: E9 - 8B
773DCF5E: E3 - FF
773DCF5F: 8E - 55
773DCF60: 00 - 8B
773DCF61: C7 - EC
--> JMP DWORD PTR DS:[3E3E5E45]
Disassembly old code:
773DCF5D: 8BFF MOV EDI, EDI
773DCF5F: 55 PUSH EBP
773DCF60: 8BEC MOV EBP, ESP

Disassembly new code:
773DCF5D: E9 E38E00C7 JMP 3E3E5E45
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of PropertySheetA at 773DCF5D (0) got patched. Here is the diff:
Address New-Original
773DCF5D: E9 - 8B
773DCF5E: E3 - FF
773DCF5F: 8E - 55
773DCF60: 00 - 8B
773DCF61: C7 - EC
--> JMP DWORD PTR DS:[3E3E5E45]
Disassembly old code:
773DCF5D: 8BFF MOV EDI, EDI
773DCF5F: 55 PUSH EBP
773DCF60: 8BEC MOV EBP, ESP

Disassembly new code:
773DCF5D: E9 E38E00C7 JMP 3E3E5E45
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of PropertySheetW at 773DCF45 (0) got patched. Here is the diff:
Address New-Original
773DCF45: E9 - 8B
773DCF46: 5B - FF
773DCF47: 8E - 55
773DCF48: 00 - 8B
773DCF49: C7 - EC
--> JMP DWORD PTR DS:[3E3E5DA5]
Disassembly old code:
773DCF45: 8BFF MOV EDI, EDI
773DCF47: 55 PUSH EBP
773DCF48: 8BEC MOV EBP, ESP

Disassembly new code:
773DCF45: E9 5B8E00C7 JMP 3E3E5DA5
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
comctl32.dll (5D090000 - 5D12A000)
IEFRAME.dll (3E1C0000 - 3EC54000)
WININET.dll (3D930000 - 3DA16000)
Normaliz.dll (009B0000 - 009B9000)
ws2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
VERSION.dll (77C00000 - 77C08000)
mswsock.dll (71A50000 - 71A8F000)
DNSAPI.dll (76F20000 - 76F47000)
comdlg32.dll (763B0000 - 763F9000)
The code of PageSetupDlgW at 763D4906 (0) got patched. Here is the diff:
Address New-Original
763D4906: E9 - 8B
763D4907: 15 - FF
763D4908: 0C - 55
763D4909: 01 - 8B
763D490A: C8 - EC
--> JMP DWORD PTR DS:[3E3E5520]
Disassembly old code:
763D4906: 8BFF MOV EDI, EDI
763D4908: 55 PUSH EBP
763D4909: 8BEC MOV EBP, ESP

Disassembly new code:
763D4906: E9 150C01C8 JMP 3E3E5520
Patched by C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\IEFRAME.dll!ImportCookieFileByProcessW+0xC1B4D206:
Base address: 3E1C0000
Size: 00A94000
Flags: 800C4004
Load count: 5
Name: Windows® Internet Explorer
Prod. Version: 8.00.6001.18928
Company: Microsoft Corporation
File Version: 8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)
Description: Internet Explorer
Location: C:\WINDOWS\system32\IEFRAME.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
xpshims.dll (451F0000 - 451F6000)
uxtheme.dll (5AD70000 - 5ADA8000)
MSCTF.dll (74720000 - 7476C000)
xpsp2res.dll (01450000 - 01715000)
appHelp.dll (77B40000 - 77B62000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
RASAPI32.dll (76EE0000 - 76F1C000)
rasman.dll (76E90000 - 76EA2000)
NETAPI32.dll (5B860000 - 5B8B5000)
TAPI32.dll (76EB0000 - 76EDF000)
rtutils.dll (76E80000 - 76E8E000)
WINMM.dll (76B40000 - 76B6D000)
sensapi.dll (722B0000 - 722B5000)
msctfime.ime (755C0000 - 755EE000)
IEUI.dll (01CF0000 - 01D1A000)
MSIMG32.dll (76380000 - 76385000)
msimtf.dll (746F0000 - 7471A000)
msv1_0.dll (77C70000 - 77C95000)
cryptdll.dll (76790000 - 7679C000)
iphlpapi.dll (76D60000 - 76D79000)
SETUPAPI.dll (77920000 - 77A13000)
oleacc.dll (74C80000 - 74CAC000)
MSVCP60.dll (76080000 - 760E5000)
xmllite.dll (47060000 - 47081000)
ieproxy.dll (439B0000 - 439F0000)
msfeeds.dll (435A0000 - 43635000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)
MLANG.dll (75CF0000 - 75D81000)
rasadhlp.dll (76FC0000 - 76FC6000)
SXS.DLL (7E720000 - 7E7D0000)
actxprxy.dll (71D40000 - 71D5B000)
USP10.dll (74D90000 - 74DFB000)
mshtml.dll (3CEA0000 - 3D450000)
msls31.dll (031C0000 - 031E9000)
PSAPI.DLL (76BF0000 - 76BFB000)
ieapfltr.dll (72EA0000 - 72F0F000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
jscript.dll (3D7A0000 - 3D854000)
Flash10e.ocx (10000000 - 104A4000)
mscms.dll (73B30000 - 73B45000)
wdmaud.drv (72D20000 - 72D29000)
WINTRUST.dll (76C30000 - 76C5E000)
IMAGEHLP.dll (76C90000 - 76CB8000)
msacm32.drv (72D10000 - 72D18000)
MSACM32.dll (77BE0000 - 77BF5000)
midimap.dll (77BD0000 - 77BD7000)
iepeers.dll (42070000 - 4209F000)
ImgUtil.dll (1B000000 - 1B00C000)
pdm.dll (3F320000 - 3F378000)
msdbg2.dll (3F0E0000 - 3F122000)
Dxtrans.dll (35C50000 - 35C89000)
ATL.DLL (76B20000 - 76B31000)
ddrawex.dll (6D430000 - 6D43A000)
DDRAW.dll (73760000 - 737AB000)
DCIMAN32.dll (73BC0000 - 73BC6000)
Dxtmsft.dll (35CB0000 - 35D07000)
schannel.dll (767F0000 - 76818000)
rsaenh.dll (68000000 - 68036000)
msxml3.dll (74980000 - 74AA3000)
LangWrbk.dll (62C70000 - 62C89000)
vbscript.dll (73300000 - 7336A000)
gdiplus.dll (4EC50000 - 4EDFB000)
dssenh.dll (68100000 - 68126000)
cryptnet.dll (75E60000 - 75E73000)
WINHTTP.dll (4D4F0000 - 4D549000)
WLDAP32.dll (76F60000 - 76F8C000)
D3DIM700.DLL (73940000 - 73A10000)
PDFShell.dll (01E30000 - 01E8B000)
MSVCR80.dll (07190000 - 0722B000)
msxml6.dll (3D5F0000 - 3D74A000)
netman.dll (77D00000 - 77D33000)
MPRAPI.dll (76D40000 - 76D58000)
ACTIVEDS.dll (77CC0000 - 77CF2000)
adsldpc.dll (76E10000 - 76E35000)
SAMLIB.dll (71BF0000 - 71C03000)
netshell.dll (76400000 - 765A5000)
credui.dll (76C00000 - 76C2E000)
dot3api.dll (478C0000 - 478CA000)
dot3dlg.dll (736D0000 - 736D6000)
OneX.DLL (5DCA0000 - 5DCC8000)
WTSAPI32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
eappcfg.dll (745B0000 - 745D2000)
eappprxy.dll (5DCD0000 - 5DCDE000)
WZCSAPI.DLL (73030000 - 73040000)
WZCSvc.DLL (7DB10000 - 7DB9C000)
WMI.dll (76D30000 - 76D34000)
DHCPCSVC.DLL (7D4B0000 - 7D4D2000)
EapolQec.dll (72810000 - 7281B000)
QUtil.dll (726C0000 - 726D6000)
ESENT.dll (606B0000 - 607BD000)
ntshrui.dll (76990000 - 769B5000)

PID 1416 - C:\WINDOWS\System32\svchost.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
hpzipm12.dll (00670000 - 00680000)
WSOCK32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)
setupapi.dll (77920000 - 77A13000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)

PID 1404 - C:\Documents and Settings\Miki\Desktop\radix_installer\radixgui.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
comdlg32.dll (763B0000 - 763F9000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
COMCTL32.dll (5D090000 - 5D12A000)
SHELL32.dll (7C9C0000 - 7D1D7000)
msvcrt.dll (77C10000 - 77C68000)
SHLWAPI.dll (77F60000 - 77FD6000)
ole32.dll (774E0000 - 7761D000)
VERSION.dll (77C00000 - 77C08000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
wintrust.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
sfc.dll (76BB0000 - 76BB5000)
sfc_os.dll (76C60000 - 76C8A000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)
uxtheme.dll (5AD70000 - 5ADA8000)
MSCTF.dll (74720000 - 7476C000)
apphelp.dll (77B40000 - 77B62000)
msctfime.ime (755C0000 - 755EE000)
DisasmEngineDLL.dll (10000000 - 10021000)
xpsp2res.dll (020B0000 - 02375000)
rsaenh.dll (68000000 - 68036000)
userenv.dll (769C0000 - 76A74000)
netapi32.dll (5B860000 - 5B8B5000)
cryptnet.dll (75E60000 - 75E73000)
PSAPI.DLL (76BF0000 - 76BFB000)
SensApi.dll (722B0000 - 722B5000)
WINHTTP.dll (4D4F0000 - 4D549000)
ws2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
mswsock.dll (71A50000 - 71A8F000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)
RASAPI32.DLL (76EE0000 - 76F1C000)
rasman.dll (76E90000 - 76EA2000)
TAPI32.dll (76EB0000 - 76EDF000)
rtutils.dll (76E80000 - 76E8E000)
WINMM.dll (76B40000 - 76B6D000)
msv1_0.dll (77C70000 - 77C95000)
cryptdll.dll (76790000 - 7679C000)
iphlpapi.dll (76D60000 - 76D79000)
DNSAPI.dll (76F20000 - 76F47000)
rasadhlp.dll (76FC0000 - 76FC6000)
---- Check ended at 7.8.2010 22:28:25 ----

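Added example (not part of the thread, and not code from Rootkit Unhooker): a Python script that decodes the three "got patched" entries in the log above. Each diff shows the five-byte hot-patch prologue `8B FF 55 8B EC` (`mov edi,edi / push ebp / mov ebp,esp`) replaced by `E9 rel32`, a direct relative jump whose destination is `address + 5 + rel32`. The script recomputes that destination, checks it against the address the tool printed, and maps both the hooked function and the jump target onto the module ranges taken from the module lists in the same log. The log excerpt and module table are copied from the post; everything else is the example's own.

```python
import re

# Constructed excerpt of the Rootkit Unhooker log posted above: the three
# "got patched" entries, reduced to their byte diffs and reported targets.
RKU_LOG = """\
The code of PropertySheetA at 773DCF5D (0) got patched. Here is the diff:
Address New-Original
773DCF5D: E9 - 8B
773DCF5E: E3 - FF
773DCF5F: 8E - 55
773DCF60: 00 - 8B
773DCF61: C7 - EC
--> JMP DWORD PTR DS:[3E3E5E45]
The code of PropertySheetW at 773DCF45 (0) got patched. Here is the diff:
Address New-Original
773DCF45: E9 - 8B
773DCF46: 5B - FF
773DCF47: 8E - 55
773DCF48: 00 - 8B
773DCF49: C7 - EC
--> JMP DWORD PTR DS:[3E3E5DA5]
The code of PageSetupDlgW at 763D4906 (0) got patched. Here is the diff:
Address New-Original
763D4906: E9 - 8B
763D4907: 15 - FF
763D4908: 0C - 55
763D4909: 01 - 8B
763D490A: C8 - EC
--> JMP DWORD PTR DS:[3E3E5520]
"""

# Module ranges copied from the module lists in the same log (start, end).
MODULES = {
    "comctl32.dll": (0x773D0000, 0x774D3000),
    "comdlg32.dll": (0x763B0000, 0x763F9000),
    "IEFRAME.dll":  (0x3E1C0000, 0x3EC54000),
}

# Five-byte hot-patch prologue of XP-era system DLLs: mov edi,edi / push ebp / mov ebp,esp.
HOT_PATCH_PROLOGUE = bytes.fromhex("8BFF558BEC")

ENTRY_RE = re.compile(r"The code of (\w+) at ([0-9A-F]{8})")
DIFF_RE = re.compile(r"^([0-9A-F]{8}): ([0-9A-F]{2}) - ([0-9A-F]{2})$", re.M)
TARGET_RE = re.compile(r"--> JMP[^\n]*?([0-9A-F]{8})")


def parse_hooks(log):
    """Split the log into hook entries and collect the new/original bytes of each."""
    hooks = []
    parts = ENTRY_RE.split(log)  # ['', name, addr, body, name, addr, body, ...]
    for i in range(1, len(parts), 3):
        name, addr, body = parts[i], int(parts[i + 1], 16), parts[i + 2]
        rows = DIFF_RE.findall(body)          # (address, new byte, original byte)
        reported = TARGET_RE.search(body)
        hooks.append({
            "name": name,
            "addr": addr,
            "new": bytes(int(n, 16) for _, n, _ in rows),
            "old": bytes(int(o, 16) for _, _, o in rows),
            "reported_target": int(reported.group(1), 16) if reported else None,
        })
    return hooks


def jmp_rel32_target(addr, code):
    """Decode an E9 rel32 (direct, IP-relative JMP) at addr; None if it is not one."""
    if len(code) < 5 or code[0] != 0xE9:
        return None
    rel = int.from_bytes(code[1:5], "little", signed=True)
    return (addr + 5 + rel) & 0xFFFFFFFF


def module_for(addr):
    """Name of the listed module whose range contains addr, or None."""
    for name, (lo, hi) in MODULES.items():
        if lo <= addr < hi:
            return name
    return None


def analyse(log=RKU_LOG):
    """One verdict per hook: where it was placed, where it goes, and whether
    the decoded target agrees with the address the tool printed."""
    out = []
    for h in parse_hooks(log):
        target = jmp_rel32_target(h["addr"], h["new"])
        out.append({
            "name": h["name"],
            "hooked_module": module_for(h["addr"]),
            "original_is_hotpatch_prologue": h["old"] == HOT_PATCH_PROLOGUE,
            "target": target,
            "target_matches_log": target is not None and target == h["reported_target"],
            "target_module": None if target is None else module_for(target),
        })
    return out


if __name__ == "__main__":
    for v in analyse():
        print(f'{v["name"]:16} {v["hooked_module"]:13} -> {v["target"]:08X} '
              f'in {v["target_module"]} (matches log: {v["target_matches_log"]})')
```

For all three entries the decoded destination equals the address the tool printed, and every destination falls inside the IEFRAME.dll range (3E1C0000 - 3EC54000), which the log lists as a signed Microsoft module. The "ImportCookieFileByProcessW+0xC1B4D206" label in the "Patched by" line should not be read literally: an offset of 0xC1B4D206 is larger than the module itself (size 0x00A94000), so the tool simply reported the nearest export it could find. The reliable facts are the target address and the module containing it; a hook whose target lands in an unlisted or unsigned range is the case that warrants further work.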

79 Re: Malware problems and Internet Redirecting on Sat Aug 07, 2010 10:46 pm

Do you have a program called WebDav Mini-Redirector?


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner


Kaspersky E-Store Kaspersky Anti-Virus 2012: Click Here

80 Re: Malware problems and Internet Redirecting on Mon Aug 09, 2010 5:52 pm

blink711 (Member)
I do not believe so.


81 Re: Malware problems and Internet Redirecting on Tue Aug 10, 2010 2:25 pm

Oh ok.

How is the computer performing overall?


DragonMaster Jay

82 Re: Malware problems and Internet Redirecting on Wed Aug 11, 2010 6:12 pm

blink711 (Member)
Still doing the same things. It is terrible at redirecting when I am trying to search the internet. The desktop keeps rearranging my icons. I keep getting attacks from malware. And today, I noticed that the Internet Explorer icon on the desktop has disappeared. So overall I would say the computer acts weird.


83 Re: Malware problems and Internet Redirecting on Thu Aug 12, 2010 5:16 am

Do the redirects happen in one web browser, or more than one?


DragonMaster Jay

84 Re: Malware problems and Internet Redirecting on Sat Aug 14, 2010 5:55 pm

blink711 (Member)
Only Internet Explorer is installed on this computer, so I only know that they are happening on it.


85 Re: Malware problems and Internet Redirecting on Mon Aug 16, 2010 4:57 pm

Ok. We are dealing with a new type of rootkit, which is not showing itself.

If we cannot find it, I may have to suggest that we recommend a reformat and reinstall.

But, I want to look closer at these results, first:

Open RootkitUnhooker, if it is still installed, and do a scan like before, and then post the log.



Last edited by DragonMaster Jay on Sat Aug 21, 2010 1:15 am; edited 1 time in total


DragonMaster Jay

86 Re: Malware problems and Internet Redirecting on Fri Aug 20, 2010 3:23 am

Never mind my last post.

I would like to try something another friend advised me to:

Go to start > run, type in CMD and hit OK.

Type in ipconfig /flushdns

Once that is done, reboot your computer, then see if the redirects continue.



Last edited by DragonMaster Jay on Sat Aug 21, 2010 1:14 am; edited 1 time in total


DragonMaster Jay

87 Re: Malware problems and Internet Redirecting on Fri Aug 20, 2010 4:53 pm

blink711 (Member)
I did this, but it is still redirecting.


88 Re: Malware problems and Internet Redirecting on Sat Aug 21, 2010 2:28 am

I want to see if this helps to find it, since it has been updated lately.

Please download RootRepeal from GooglePages.com.

  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe.
  • Click Settings > Options. Drag the slider to High Level. Then, click the Red X.
  • Go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report.
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).


DragonMaster Jay

89 Re: Malware problems and Internet Redirecting on Mon Aug 23, 2010 6:07 am

blink711 (Member)
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/08/23 06:06
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA025000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF899E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA88FE000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==


90 Re: Malware problems and Internet Redirecting on Wed Aug 25, 2010 5:43 am

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.


Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr


DragonMaster Jay
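Added example, not part of the thread and not OTL's own code: the `/md5start ... /md5stop` block in the custom scan above asks OTL to report the MD5 of a set of boot-critical drivers and logon DLLs, which is only useful if those digests are then compared with known-good values. The Python below parses that block out of the posted scan text (a shortened excerpt of the real list), hashes each listed file under a directory, and reports `ok`, `MODIFIED`, `missing` or `no baseline` per file. The directory, the file contents and the baseline in `demo()` are constructed for the example; a real baseline would come from a clean copy of the same files.

```python
import hashlib
import os
import tempfile

# Excerpt of the OTL custom scan posted above; only the /md5start ... /md5stop
# block matters here (a few of the listed names, in the order they appear).
OTL_SCAN = """\
drivers32
/md5start
eventlog.dll
scecli.dll
atapi.sys
iaStor.sys
usbstor.sys
/md5stop
CREATERESTOREPOINT
"""


def md5_targets(scan_text):
    """File names listed between /md5start and /md5stop, in order."""
    names, inside = [], False
    for raw in scan_text.splitlines():
        line = raw.strip()
        if line.lower() == "/md5start":
            inside = True
        elif line.lower() == "/md5stop":
            inside = False
        elif inside and line:
            names.append(line)
    return names


def md5_of(path, chunk=1 << 16):
    """Hex MD5 of a file, read in chunks so large drivers are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def compare_against_baseline(directory, names, baseline):
    """Verdict per listed file: 'ok', 'MODIFIED', 'missing' or 'no baseline'.
    baseline maps lower-cased file name -> hex MD5 taken from a known-good copy."""
    verdicts = {}
    for name in names:
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            verdicts[name] = "missing"      # e.g. a storage driver this machine never had
            continue
        known = baseline.get(name.lower())
        if known is None:
            verdicts[name] = "no baseline"
        elif md5_of(path) == known.lower():
            verdicts[name] = "ok"
        else:
            verdicts[name] = "MODIFIED"
    return verdicts


def demo():
    """Constructed scenario (hypothetical data, not from the thread): three of the
    listed files exist, a baseline is taken, then atapi.sys is patched in place."""
    names = md5_targets(OTL_SCAN)
    contents = {
        "eventlog.dll": b"constructed clean eventlog image",
        "atapi.sys": b"constructed clean atapi image",
        "usbstor.sys": b"constructed clean usbstor image",
    }
    with tempfile.TemporaryDirectory() as d:
        for n, data in contents.items():
            with open(os.path.join(d, n), "wb") as f:
                f.write(data)
        baseline = {n: md5_of(os.path.join(d, n)) for n in contents}
        # Simulate an in-place patch: overwrite the first bytes of atapi.sys.
        with open(os.path.join(d, "atapi.sys"), "r+b") as f:
            f.write(b"PATCHED")
        return compare_against_baseline(d, names, baseline)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
```

MD5 is used because that is what OTL reports, so its output can be compared directly; for a baseline you build yourself, a SHA-256 digest is the better choice. A `missing` verdict is normal for storage drivers the machine never had (the list covers several vendors' controllers); `MODIFIED` on a file such as atapi.sys is the result worth acting on.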
