RkUnhooker report generator v0.6
==============================================
Rootkit Unhooker kernel version: 3.31.150.420
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>SSDT State
NtCreateProcess Actual Address 0xF78A1662 Hooked by: C:\WINDOWS\System32\drivers\fsndis5.sys
NtCreateProcessEx Actual Address 0xF78A16F6 Hooked by: C:\WINDOWS\System32\drivers\fsndis5.sys
NtCreateSection Actual Address 0xF78A10A6 Hooked by: C:\WINDOWS\System32\drivers\fsndis5.sys
NtCreateThread Actual Address 0xF78A0F5C Hooked by: C:\WINDOWS\System32\drivers\fsndis5.sys
NtWriteVirtualMemory Actual Address 0xF78A0FDC Hooked by: C:\WINDOWS\System32\drivers\fsndis5.sys
==============================================
>Processes
Process: System Process Id: 4 EPROCESS Address: 0x867C4830
Process: C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe Process Id: 156 EPROCESS Address: 0x85996020
Process: C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe Process Id: 180 EPROCESS Address: 0x85999938
Process: C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe Process Id: 188 EPROCESS Address: 0x85992628
Process: C:\Program Files\F-Secure\common\FSMA32.EXE Process Id: 232 EPROCESS Address: 0x8598F840
Process: C:\Program Files\F-Secure\common\FSMB32.EXE Process Id: 348 EPROCESS Address: 0x85982778
Process: C:\Program Files\F-Secure\Anti-Virus\fssm32.exe Process Id: 356 EPROCESS Address: 0x8597E878
Process: D:\Program Files\Logitech\Easy Synchronization\servicestub.exe Process Id: 376 EPROCESS Address: 0x8597C020
Process: C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe Process Id: 444 EPROCESS Address: 0x8518DDA0
Process: D:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe Process Id: 476 EPROCESS Address: 0x8597B0E8
Process: C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe Process Id: 492 EPROCESS Address: 0x85967130
Process: C:\Program Files\Outlook Express\msimn.exe Process Id: 556 EPROCESS Address: 0x85D6B318
Process: C:\WINDOWS\system32\svchost.exe Process Id: 564 EPROCESS Address: 0x859644A8
Process: C:\WINDOWS\system32\smss.exe Process Id: 660 EPROCESS Address: 0x86686DA0
Process: C:\Program Files\F-Secure\common\FCH32.EXE Process Id: 732 EPROCESS Address: 0x85952020
Process: C:\WINDOWS\system32\csrss.exe Process Id: 736 EPROCESS Address: 0x85C0B020
Process: C:\WINDOWS\system32\winlogon.exe Process Id: 764 EPROCESS Address: 0x85B73128
Process: C:\WINDOWS\system32\services.exe Process Id: 808 EPROCESS Address: 0x85B70B50
Process: C:\WINDOWS\system32\lsass.exe Process Id: 820 EPROCESS Address: 0x85B73978
Process: C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE Process Id: 924 EPROCESS Address: 0x8522DB70
Process: C:\WINDOWS\system32\svchost.exe Process Id: 988 EPROCESS Address: 0x85A36A78
Process: C:\WINDOWS\system32\svchost.exe Process Id: 1076 EPROCESS Address: 0x85A26DA0
Process: D:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe Process Id: 1148 EPROCESS Address: 0x850CC4E0
Process: C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe Process Id: 1164 EPROCESS Address: 0x8594BDA0
Process: C:\Program Files\Windows Defender\MsMpEng.exe Process Id: 1220 EPROCESS Address: 0x85A0B208
Process: C:\WINDOWS\system32\svchost.exe Process Id: 1260 EPROCESS Address: 0x85A04D08
Process: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe Process Id: 1304 EPROCESS Address: 0x85A22020
Process: C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE Process Id: 1332 EPROCESS Address: 0x85A1DAE8
Process: C:\WINDOWS\system32\svchost.exe Process Id: 1360 EPROCESS Address: 0x85A17020
Process: C:\WINDOWS\system32\ctfmon.exe Process Id: 1408 EPROCESS Address: 0x8522F020
Process: C:\Program Files\F-Secure\Anti-Virus\fsqh.exe Process Id: 1496 EPROCESS Address: 0x859343B0
Process: C:\Program Files\F-Secure\common\FAMEH32.EXE Process Id: 1500 EPROCESS Address: 0x85913C08
Process: C:\WINDOWS\system32\svchost.exe Process Id: 1600 EPROCESS Address: 0x859D9020
Process: C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe Process Id: 1624 EPROCESS Address: 0x858FA6A0
Process: C:\Program Files\QuickTime\qttask.exe Process Id: 1640 EPROCESS Address: 0x85DD34E0
Process: C:\WINDOWS\system32\svchost.exe Process Id: 1672 EPROCESS Address: 0x859F63A0
Process: C:\Program Files\Sony\vaio entertainment\VzTrayIcon.exe Process Id: 1692 EPROCESS Address: 0x85D17A80
Process: C:\Program Files\F-Secure\Anti-Virus\FSRW.exe Process Id: 1752 EPROCESS Address: 0x85914508
Process: C:\WINDOWS\system32\spoolsv.exe Process Id: 1828 EPROCESS Address: 0x859B9DA0
Process: D:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe Process Id: 1896 EPROCESS Address: 0x850F5020
Process: C:\PROGRA~1\F-Secure\BackWeb\7681197\program\SERVIC~1.EXE Process Id: 1988 EPROCESS Address: 0x85C036E8
Process: C:\PROGRA~1\F-Secure\ANTI-S~1\FSAW.exe Process Id: 2000 EPROCESS Address: 0x85232A20
Process: C:\Program Files\Juniper Networks\Common Files\dsNcService.exe Process Id: 2020 EPROCESS Address: 0x859CE910
Process: D:\Program Files\Giganology\Gigaget\Gigaget.exe Process Id: 2116 EPROCESS Address: 0x85D5E718
Process: C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe Process Id: 2124 EPROCESS Address: 0x858CEA20
Process: D:\Program Files\Logitech\MediaLife\MediaLifeService.exe Process Id: 2264 EPROCESS Address: 0x8517E938
Process: C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe Process Id: 2348 EPROCESS Address: 0x85196298
Process: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe Process Id: 2352 EPROCESS Address: 0x85211990
Process: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe Process Id: 2372 EPROCESS Address: 0x85173280
Process: C:\Program Files\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe Process Id: 2428 EPROCESS Address: 0x851FB5B0
Process: D:\Program Files\iTunes\iTunesHelper.exe Process Id: 2444 EPROCESS Address: 0x8517CB60
Process: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe Process Id: 2472 EPROCESS Address: 0x851F5458
Process: C:\Program Files\F-Secure\common\FSM32.EXE Process Id: 2500 EPROCESS Address: 0x857D2918
Process: C:\Program Files\F-Secure\common\FNRB32.exe Process Id: 2548 EPROCESS Address: 0x85844DA0
Process: C:\Program Files\iPod\bin\iPodService.exe Process Id: 2572 EPROCESS Address: 0x850F15E8
Process: C:\WINDOWS\explorer.exe Process Id: 2636 EPROCESS Address: 0x858FBA20
Process: C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe Process Id: 2652 EPROCESS Address: 0x851492F0
Process: C:\Program Files\F-Secure\FWES\program\fsdfwd.exe Process Id: 2664 EPROCESS Address: 0x8583E6A0
Process: C:\Program Files\F-Secure\common\FIH32.exe Process Id: 2668 EPROCESS Address: 0x8583AA20
Process: C:\WINDOWS\ALCWZRD.EXE Process Id: 2680 EPROCESS Address: 0x857273C0
Process: C:\WINDOWS\system32\alg.exe Process Id: 2720 EPROCESS Address: 0x8583F860
Process: C:\Program Files\F-Secure\Anti-Virus\FSAV32.exe Process Id: 3100 EPROCESS Address: 0x8582A228
Process: C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe Process Id: 3204 EPROCESS Address: 0x859F9AE8
Process: C:\Program Files\Windows Defender\MSASCui.exe Process Id: 3216 EPROCESS Address: 0x85759A30
Process: C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe Process Id: 3444 EPROCESS Address: 0x85776940
Process: C:\WINDOWS\system32\svchost.exe Process Id: 3496 EPROCESS Address: 0x85728360
Process: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe Process Id: 3548 EPROCESS Address: 0x85E04DA0
Process: C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe Process Id: 3644 EPROCESS Address: 0x850E88E0
Process: D:\Program Files\TomTom HOME\TomTomHOME.exe Process Id: 3676 EPROCESS Address: 0x8519A7D8
Process: D:\Program Files\Logitech\SetPoint\SetPoint.exe Process Id: 3736 EPROCESS Address: 0x850C69A0
Process: C:\Program Files\F-Secure\FSGUI\fsguidll.exe Process Id: 3780 EPROCESS Address: 0x85E04960
Process: C:\Program Files\Messenger\msmsgs.exe Process Id: 3796 EPROCESS Address: 0x85DB2DA0
Process: C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe Process Id: 3916 EPROCESS Address: 0x85197AE8
Process: D:\Program Files\Nikon\PictureProject\NkbMonitor.exe Process Id: 3944 EPROCESS Address: 0x851ED798
Process: C:\WINDOWS\SOUNDMAN.EXE Process Id: 3980 EPROCESS Address: 0x85115860
Process: D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe Process Id: 4068 EPROCESS Address: 0x85B63488
Process: C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe Process Id: 4632 EPROCESS Address: 0x85D0D8D0
Process: C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.exe Process Id: 4740 EPROCESS Address: 0x85D0A880
Process: C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe Process Id: 4772 EPROCESS Address: 0x85135DA0
Process: C:\WINDOWS\system32\ntvdm.exe Process Id: 5324 EPROCESS Address: 0x851C9020
Process: C:\Program Files\Internet Explorer\iexplore.exe Process Id: 5476 EPROCESS Address: 0x8511C020
Process: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe Process Id: 5588 EPROCESS Address: 0x851BCA20
Process: C:\RkUnhooker\jl5o5okj.exe Process Id: 5496 EPROCESS Address: 0x84F78A88
==============================================
>Drivers
Driver: PnpManager Address: 0x804D7000 Size: 2396160 bytes
Driver: RAW Address: 0x804D7000 Size: 2396160 bytes
Driver: C:\WINDOWS\system32\TUKERNEL.EXE Address: 0x804D7000 Size: 2396160 bytes
Driver: WMIxWDM Address: 0x804D7000 Size: 2396160 bytes
Driver: C:\WINDOWS\System32\ati3duag.dll Address: 0xBFA47000 Size: 2240512 bytes
Driver: C:\WINDOWS\system32\drivers\RtkHDAud.sys Address: 0xAAD72000 Size: 2220032 bytes
Driver: Win32k Address: 0xBF800000 Size: 1847296 bytes
Driver: C:\WINDOWS\System32\win32k.sys Address: 0xBF800000 Size: 1847296 bytes
Driver: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys Address: 0xAAC4B000 Size: 1044480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys Address: 0xF7513000 Size: 897024 bytes
Driver: C:\WINDOWS\system32\DRIVERS\btkrnl.sys Address: 0xF72D5000 Size: 847872 bytes
Driver: C:\WINDOWS\System32\DRIVERS\smrt.sys Address: 0xF73FA000 Size: 778240 bytes
Driver: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys Address: 0xAABA4000 Size: 684032 bytes
Driver: Ntfs.sys Address: 0xF7690000 Size: 577536 bytes
Driver: C:\WINDOWS\system32\DRIVERS\Wdf01000.sys Address: 0xA6737000 Size: 503808 bytes
Driver: C:\WINDOWS\System32\ativvaxx.dll Address: 0xBFC6A000 Size: 479232 bytes
Driver: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys Address: 0xA6904000 Size: 454656 bytes
Driver: C:\WINDOWS\System32\DRIVERS\tcpip.sys Address: 0xA6AD1000 Size: 360448 bytes
Driver: C:\WINDOWS\System32\DRIVERS\srv.sys Address: 0xA5128000 Size: 335872 bytes
Driver: C:\WINDOWS\system32\drivers\btaudio.sys Address: 0xAAFB1000 Size: 323584 bytes
Driver: C:\WINDOWS\System32\Drivers\HTTP.sys Address: 0xA4606000 Size: 266240 bytes
Driver: C:\WINDOWS\System32\ati2cqag.dll Address: 0xBFA0D000 Size: 237568 bytes
Driver: C:\WINDOWS\System32\ati2dvag.dll Address: 0xBF9D5000 Size: 229376 bytes
Driver: C:\WINDOWS\System32\DRIVERS\update.sys Address: 0xF71D9000 Size: 212992 bytes
Driver: ACPI.sys Address: 0xF77DF000 Size: 192512 bytes
Driver: C:\WINDOWS\System32\DRIVERS\mrxdav.sys Address: 0xA52BA000 Size: 184320 bytes
Driver: C:\WINDOWS\System32\drivers\NDIS.SYS Address: 0xF7651000 Size: 184320 bytes
Driver: C:\WINDOWS\system32\drivers\kmixer.sys Address: 0xA31F3000 Size: 176128 bytes
Driver: C:\WINDOWS\System32\DRIVERS\rdbss.sys Address: 0xA6973000 Size: 176128 bytes
Driver: C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys Address: 0xAAD4A000 Size: 163840 bytes
Driver: C:\WINDOWS\System32\DRIVERS\netbt.sys Address: 0xA6A88000 Size: 163840 bytes
Driver: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys Address: 0xF74DB000 Size: 147456 bytes
Driver: C:\WINDOWS\System32\Drivers\Fastfat.SYS Address: 0xA49C2000 Size: 143360 bytes
Driver: C:\WINDOWS\System32\DRIVERS\ks.sys Address: 0xF73D7000 Size: 143360 bytes
Driver: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS Address: 0xF74B8000 Size: 143360 bytes
Driver: C:\WINDOWS\System32\drivers\afd.sys Address: 0xA699E000 Size: 139264 bytes
Driver: C:\WINDOWS\System32\DRIVERS\ipnat.sys Address: 0xA6AB0000 Size: 135168 bytes
Driver: C:\WINDOWS\system32\drivers\portcls.sys Address: 0xAAF90000 Size: 135168 bytes
Driver: ACPI_HAL Address: 0x80720000 Size: 134400 bytes
Driver: C:\WINDOWS\system32\hal.dll Address: 0x80720000 Size: 134400 bytes
Driver: fltmgr.sys Address: 0xF7759000 Size: 131072 bytes
Driver: C:\WINDOWS\System32\DRIVERS\e1000325.sys Address: 0xF73B8000 Size: 126976 bytes
Driver: ftdisk.sys Address: 0xF7791000 Size: 126976 bytes
Driver: pcmcia.sys Address: 0xF77B0000 Size: 122880 bytes
Driver: Mup.sys Address: 0xF7636000 Size: 110592 bytes
Driver: atapi.sys Address: 0xF7779000 Size: 98304 bytes
Driver: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xA671F000 Size: 98304 bytes
Driver: KSecDD.sys Address: 0xF7730000 Size: 94208 bytes
Driver: C:\WINDOWS\System32\DRIVERS\ndiswan.sys Address: 0xF72BE000 Size: 94208 bytes
Driver: C:\WINDOWS\system32\drivers\wdmaud.sys Address: 0xA4BC3000 Size: 86016 bytes
Driver: C:\WINDOWS\System32\DRIVERS\parport.sys Address: 0xF73A4000 Size: 81920 bytes
Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS Address: 0xF74FF000 Size: 81920 bytes
Driver: C:\WINDOWS\System32\DRIVERS\ipsec.sys Address: 0xA6B29000 Size: 77824 bytes
Driver: WudfPf.sys Address: 0xF771D000 Size: 77824 bytes
Driver: C:\WINDOWS\System32\drivers\dxg.sys Address: 0xBF9C3000 Size: 73728 bytes
Driver: fsdfw.sys Address: 0xF767E000 Size: 73728 bytes
Driver: sr.sys Address: 0xF7747000 Size: 73728 bytes
Driver: pci.sys Address: 0xF77CE000 Size: 69632 bytes
Driver: C:\WINDOWS\System32\DRIVERS\psched.sys Address: 0xF72AD000 Size: 69632 bytes
Driver: C:\WINDOWS\System32\Drivers\btwusb.sys Address: 0xA4CA8000 Size: 65536 bytes
Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS Address: 0xF725D000 Size: 65536 bytes
Driver: C:\WINDOWS\System32\DRIVERS\nic1394.sys Address: 0xF78CF000 Size: 65536 bytes
Driver: C:\WINDOWS\System32\DRIVERS\arp1394.sys Address: 0xF799F000 Size: 61440 bytes
Driver: C:\WINDOWS\system32\drivers\drmk.sys Address: 0xF78FF000 Size: 61440 bytes
Driver: ohci1394.sys Address: 0xF783F000 Size: 61440 bytes
Driver: C:\WINDOWS\System32\DRIVERS\redbook.sys Address: 0xF7A1F000 Size: 61440 bytes
Driver: C:\WINDOWS\system32\drivers\sysaudio.sys Address: 0xA4EB8000 Size: 61440 bytes
Driver: C:\WINDOWS\System32\DRIVERS\usbhub.sys Address: 0xF794F000 Size: 61440 bytes
Driver: VolSnap.sys Address: 0xF786F000 Size: 57344 bytes
Driver: C:\WINDOWS\System32\DRIVERS\1394BUS.SYS Address: 0xF784F000 Size: 53248 bytes
Driver: C:\WINDOWS\System32\DRIVERS\cdrom.sys Address: 0xF7A0F000 Size: 53248 bytes
Driver: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS Address: 0xF788F000 Size: 53248 bytes
Driver: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys Address: 0xF7A3F000 Size: 53248 bytes
Driver: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS Address: 0xF724D000 Size: 53248 bytes
Driver: C:\WINDOWS\system32\DRIVERS\btwhid.sys Address: 0xA4AFD000 Size: 49152 bytes
Driver: C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys Address: 0xA5030000 Size: 49152 bytes
Driver: C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys Address: 0xA5020000 Size: 49152 bytes
Driver: C:\WINDOWS\System32\Drivers\PrivateDiskM.sys Address: 0xF79CF000 Size: 49152 bytes
Driver: C:\WINDOWS\System32\DRIVERS\raspptp.sys Address: 0xF7A5F000 Size: 49152 bytes
Driver: C:\WINDOWS\System32\DRIVERS\STREAM.SYS Address: 0xF79EF000 Size: 49152 bytes
Driver: C:\WINDOWS\System32\DRIVERS\imapi.sys Address: 0xF79FF000 Size: 45056 bytes
Driver: MountMgr.sys Address: 0xF785F000 Size: 45056 bytes
Driver: C:\WINDOWS\System32\DRIVERS\raspppoe.sys Address: 0xF7A4F000 Size: 45056 bytes
Driver: C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys Address: 0xF7A2F000 Size: 40960 bytes
Driver: C:\WINDOWS\System32\DRIVERS\intelppm.sys Address: 0xF79DF000 Size: 40960 bytes
Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS Address: 0xF790F000 Size: 40960 bytes
Driver: C:\WINDOWS\System32\DRIVERS\termdd.sys Address: 0xF7A7F000 Size: 40960 bytes
Driver: disk.sys Address: 0xF787F000 Size: 36864 bytes
Driver: C:\WINDOWS\System32\Drivers\Fips.SYS Address: 0xF729D000 Size: 36864 bytes
Driver: C:\WINDOWS\System32\drivers\fsndis5.sys Address: 0xF789F000 Size: 36864 bytes
Driver: C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS Address: 0xF727D000 Size: 36864 bytes
Driver: isapnp.sys Address: 0xF782F000 Size: 36864 bytes
Driver: C:\WINDOWS\System32\DRIVERS\msgpc.sys Address: 0xF7A6F000 Size: 36864 bytes
Driver: C:\WINDOWS\System32\DRIVERS\netbios.sys Address: 0xF79AF000 Size: 36864 bytes
Driver: C:\WINDOWS\System32\DRIVERS\wanarp.sys Address: 0xF798F000 Size: 36864 bytes
Driver: C:\WINDOWS\System32\Drivers\Modem.SYS Address: 0xF7B77000 Size: 32768 bytes
Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS Address: 0xF7BAF000 Size: 32768 bytes
Driver: C:\WINDOWS\System32\DRIVERS\usbccgp.sys Address: 0xF7BC7000 Size: 32768 bytes
Driver: C:\WINDOWS\system32\DRIVERS\btport.sys Address: 0xF7BD7000 Size: 28672 bytes
Driver: C:\WINDOWS\System32\DRIVERS\fdc.sys Address: 0xF7B1F000 Size: 28672 bytes
Driver: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys Address: 0xF7B27000 Size: 28672 bytes
Driver: C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS Address: 0xF7B97000 Size: 28672 bytes
Driver: C:\WINDOWS\System32\DRIVERS\kbdclass.sys Address: 0xF7B47000 Size: 28672 bytes
Driver: C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys Address: 0xF7C1F000 Size: 28672 bytes
Driver: C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys Address: 0xF7C2F000 Size: 28672 bytes
Driver: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS Address: 0xF7AAF000 Size: 28672 bytes
Driver: C:\WINDOWS\System32\DRIVERS\usbehci.sys Address: 0xF7B17000 Size: 28672 bytes
Driver: C:\WINDOWS\system32\DRIVERS\usbprint.sys Address: 0xA4C08000 Size: 28672 bytes
Driver: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS Address: 0xF7BDF000 Size: 28672 bytes
Driver: C:\WINDOWS\System32\DRIVERS\mouclass.sys Address: 0xF7B4F000 Size: 24576 bytes
Driver: C:\WINDOWS\System32\drivers\vga.sys Address: 0xF7B9F000 Size: 24576 bytes
Driver: C:\WINDOWS\System32\DRIVERS\flpydisk.sys Address: 0xF7B87000 Size: 20480 bytes
Driver: C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys Address: 0xF7ACF000 Size: 20480 bytes
Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS Address: 0xF7BA7000 Size: 20480 bytes
Driver: PartMgr.sys Address: 0xF7AB7000 Size: 20480 bytes
Driver: C:\WINDOWS\System32\DRIVERS\ptilink.sys Address: 0xF7B37000 Size: 20480 bytes
Driver: PxHelp20.sys Address: 0xF7ABF000 Size: 20480 bytes
Driver: C:\WINDOWS\System32\DRIVERS\raspti.sys Address: 0xF7B3F000 Size: 20480 bytes
Driver: C:\WINDOWS\System32\Drivers\rkhdrv31.SYS Address: 0xA4BD8000 Size: 20480 bytes
Driver: C:\WINDOWS\System32\DRIVERS\TDI.SYS Address: 0xF7B2F000 Size: 20480 bytes
Driver: C:\WINDOWS\System32\DRIVERS\usbuhci.sys Address: 0xF7B0F000 Size: 20480 bytes
Driver: C:\WINDOWS\system32\DRIVERS\vsb.sys Address: 0xF7B5F000 Size: 20480 bytes
Driver: C:\WINDOWS\System32\watchdog.sys Address: 0xF7C37000 Size: 20480 bytes
Driver: C:\WINDOWS\System32\DRIVERS\kbdhid.sys Address: 0xAAB98000 Size: 16384 bytes
Driver: C:\WINDOWS\System32\DRIVERS\mssmbios.sys Address: 0xF7CEF000 Size: 16384 bytes
Driver: C:\WINDOWS\System32\DRIVERS\ndisuio.sys Address: 0xA562F000 Size: 16384 bytes
Driver: C:\WINDOWS\system32\BOOTVID.dll Address: 0xF7C3F000 Size: 12288 bytes
Driver: C:\WINDOWS\System32\drivers\Dxapi.sys Address: 0xF760E000 Size: 12288 bytes
Driver: C:\WINDOWS\System32\DRIVERS\hidusb.sys Address: 0xF7CF3000 Size: 12288 bytes
Driver: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys Address: 0xA5276000 Size: 12288 bytes
Driver: C:\WINDOWS\System32\DRIVERS\mouhid.sys Address: 0xAAB84000 Size: 12288 bytes
Driver: C:\WINDOWS\System32\DRIVERS\ndistapi.sys Address: 0xF7CE3000 Size: 12288 bytes
Driver: C:\WINDOWS\System32\DRIVERS\rasacd.sys Address: 0xF75F2000 Size: 12288 bytes
Driver: C:\WINDOWS\System32\drivers\ws2ifsl.sys Address: 0xF71D5000 Size: 12288 bytes
Driver: C:\WINDOWS\System32\Drivers\Beep.SYS Address: 0xF7D67000 Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7DA3000 Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Address: 0xF7D65000 Size: 8192 bytes
Driver: C:\WINDOWS\system32\KDCOM.DLL Address: 0xF7D2F000 Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS Address: 0xF7D69000 Size: 8192 bytes
Driver: C:\WINDOWS\System32\Drivers\ParVdm.SYS Address: 0xF7D89000 Size: 8192 bytes
Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Address: 0xF7D6B000 Size: 8192 bytes
Driver: C:\WINDOWS\System32\DRIVERS\swenum.sys Address: 0xF7D3F000 Size: 8192 bytes
Driver: C:\WINDOWS\System32\DRIVERS\USBD.SYS Address: 0xF7D59000 Size: 8192 bytes
Driver: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS Address: 0xF7D31000 Size: 8192 bytes
Driver: C:\WINDOWS\System32\DRIVERS\audstub.sys Address: 0xF7F84000 Size: 4096 bytes
Driver: D:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys Address: 0xF7EA6000 Size: 4096 bytes
Driver: C:\WINDOWS\system32\DRIVERS\DMICall.sys Address: 0xF7F42000 Size: 4096 bytes
Driver: C:\WINDOWS\System32\drivers\dxgthk.sys Address: 0xF7F17000 Size: 4096 bytes
Driver: D:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys Address: 0xF7F56000 Size: 4096 bytes
Driver: C:\WINDOWS\System32\Drivers\Null.SYS Address: 0xF7F2A000 Size: 4096 bytes
Driver: pciide.sys Address: 0xF7DF7000 Size: 4096 bytes
==============================================
>Files
Suspect File: C:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\Content.IE5\WNN3Q8DP\DLC_games[1].gif Status: Hidden
Suspect File: C:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\Content.IE5\WNN3Q8DP\officeAcctExp_F[1].jpg Status: Hidden
Suspect File: C:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\Content.IE5\YJP86GSN\MSlogo_default[1].gif Status: Hidden
Suspect File: C:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\Content.IE5\YJP86GSN\tmo[1].gif Status: Hidden
Suspect File: C:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\Content.IE5\YX19E3GJ\bouton_cliquezici[1].gif Status: Hidden
Suspect File: C:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\Content.IE5\YX19E3GJ\date[1].gif Status: Hidden
Suspect File: C:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\Content.IE5\YX19E3GJ\header1[1].gif Status: Hidden
Suspect File: C:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\Content.IE5\YX19E3GJ\h_1_ill_903840_07050201_turquie1+unpl_web[1].jpg Status: Hidden
Suspect File: C:\Documents and Settings\Didier\Local Settings\Temp\hsperfdata_Didier\1148::$DATA Status: Hidden
Suspect File: C:\WINDOWS\Prefetch\MSNTBUP.EXE-0D913FB9.pf Status: Hidden
Suspect File: C:\WINDOWS\Prefetch\POWERPNT.EXE-2F940E7E.pf Status: Hidden
Suspect File: C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf Status: Hidden
==============================================
>Hooks
ndis.sys-->NdisCloseAdapter, Type: Inline - RelativeJump at address 0xF766361E hook handler located in [fsndis5.sys]
ndis.sys-->NdisDeregisterProtocol, Type: Inline - RelativeJump at address 0xF76637FD hook handler located in [fsndis5.sys]
ndis.sys-->NdisOpenAdapter, Type: Inline - RelativeJump at address 0xF7659397 hook handler located in [fsndis5.sys]
ndis.sys-->NdisRegisterProtocol, Type: Inline - RelativeJump at address 0xF765917D hook handler located in [fsndis5.sys]
ndis.sys-->NdisRequest, Type: Inline - RelativeJump at address 0xF766696B hook handler located in [fsndis5.sys]
ndis.sys-->NdisReturnPackets, Type: Inline - RelativeJump at address 0xF7666800 hook handler located in [fsndis5.sys]
ndis.sys-->NdisSend, Type: Inline - RelativeJump at address 0xF7669977 hook handler located in [fsndis5.sys]
ndis.sys-->NdisSend, Type: Inline - RelativeJump at address 0xF7669994 hook handler located in [fsndis5.sys]
ndis.sys-->NdisSendPackets, Type: Inline - RelativeJump at address 0xF76699AF hook handler located in [fsndis5.sys]
TUKERNEL.EXE+0x0000D984, Type: Inline - RelativeJump at address 0x804E4984 hook handler located in [unknown_code_page]
TUKERNEL.EXE-->IoCreateDevice, Type: Inline - RelativeJump at address 0x8059EAA2 hook handler located in [fsndis5.sys]
[1148]HarmonyRemote.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll]
[1148]HarmonyRemote.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page]
[1148]HarmonyRemote.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page]
[1148]HarmonyRemote.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page]
[1148]HarmonyRemote.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page]
[1148]HarmonyRemote.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page]
[1148]HarmonyRemote.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page]
[1408]ctfmon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll]
[1408]ctfmon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page]
[1408]ctfmon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page]
[1408]ctfmon.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page]
[1408]ctfmon.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page]
[1408]ctfmon.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page]
[1408]ctfmon.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page]
[1640]qttask.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll]
[1640]qttask.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page]
[1640]qttask.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page]
[1640]qttask.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page]
[1640]qttask.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page]
[1640]qttask.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page]
[1640]qttask.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page]
[1692]VzTrayIcon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll]
[1692]VzTrayIcon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page]
[1692]VzTrayIcon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page]
[1692]VzTrayIcon.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page]
[1692]VzTrayIcon.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page]
[1692]VzTrayIcon.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page]
[1692]VzTrayIcon.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page]
[1896]LogitechEasySync.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll]
[1896]LogitechEasySync.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page]
[1896]LogitechEasySync.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page]
[1896]LogitechEasySync.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page]
[1896]LogitechEasySync.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page]
[1896]LogitechEasySync.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page]
[1896]LogitechEasySync.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page]
[2000]FSAW.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page]
[2000]FSAW.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page]
[2000]FSAW.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page]
[2000]FSAW.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page]
[2116]Gigaget.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll]
[2116]Gigaget.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page]
[2116]Gigaget.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page]
[2116]Gigaget.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page]
[2116]Gigaget.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page]
[2116]Gigaget.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page]
[2116]Gigaget.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page]
[2264]MediaLifeService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll]
[2264]MediaLifeService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page]
[2264]MediaLifeService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page]
[2264]MediaLifeService.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page]
[2264]MediaLifeService.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page]
[2264]MediaLifeService.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page]
[2264]MediaLifeService.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page]
[2352]BTTray.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll]
[2352]BTTray.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page]
[2352]BTTray.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page]
[2352]BTTray.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page]
[2352]BTTray.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page]
[2352]BTTray.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page]
[2352]BTTray.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page]
[2372]atiptaxx.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll]
[2372]atiptaxx.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page]
[2372]atiptaxx.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [2372]atiptaxx.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [2372]atiptaxx.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [2372]atiptaxx.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [2372]atiptaxx.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [2428]SSMSFilter.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [2428]SSMSFilter.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [2428]SSMSFilter.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [2428]SSMSFilter.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [2444]iTunesHelper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [2444]iTunesHelper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [2444]iTunesHelper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [2444]iTunesHelper.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [2444]iTunesHelper.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, 
Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [2444]iTunesHelper.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [2444]iTunesHelper.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [2472]acrotray.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [2472]acrotray.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [2472]acrotray.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [2472]acrotray.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [2472]acrotray.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [2472]acrotray.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [2472]acrotray.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [2500]FSM32.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [2500]FSM32.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [2500]FSM32.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [2500]FSM32.EXE-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] 
[2500]FSM32.EXE-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [2500]FSM32.EXE-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [2500]FSM32.EXE-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [2636]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [2636]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [2636]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [2636]explorer.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [2636]explorer.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [2636]explorer.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [2636]explorer.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [2652]F-Secure Automatic Update.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [2652]F-Secure Automatic Update.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [2652]F-Secure Automatic Update.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [2652]F-Secure Automatic 
Update.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [2652]F-Secure Automatic Update.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [2652]F-Secure Automatic Update.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [2652]F-Secure Automatic Update.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [2680]ALCWZRD.EXE-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [2680]ALCWZRD.EXE-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [2680]ALCWZRD.EXE-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [2680]ALCWZRD.EXE-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [3204]AvRmtCtr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [3204]AvRmtCtr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [3204]AvRmtCtr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [3204]AvRmtCtr.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [3204]AvRmtCtr.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] 
[3204]AvRmtCtr.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [3204]AvRmtCtr.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [3216]MSASCui.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [3216]MSASCui.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [3216]MSASCui.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [3216]MSASCui.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [3216]MSASCui.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [3216]MSASCui.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [3216]MSASCui.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [3444]VAIOUpdt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [3444]VAIOUpdt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [3444]VAIOUpdt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [3444]VAIOUpdt.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [3444]VAIOUpdt.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler 
located in [unknown_code_page] [3444]VAIOUpdt.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [3444]VAIOUpdt.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [3548]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [3548]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [3548]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [3548]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [3548]GoogleToolbarNotifier.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [3548]GoogleToolbarNotifier.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [3548]GoogleToolbarNotifier.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [3644]mssysmgr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [3644]mssysmgr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [3644]mssysmgr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [3644]mssysmgr.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in 
[unknown_code_page] [3644]mssysmgr.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [3644]mssysmgr.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [3644]mssysmgr.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [3676]TomTomHOME.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [3676]TomTomHOME.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [3676]TomTomHOME.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [3676]TomTomHOME.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [3676]TomTomHOME.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [3676]TomTomHOME.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [3676]TomTomHOME.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [3736]SetPoint.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [3736]SetPoint.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [3736]SetPoint.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [3736]SetPoint.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - 
RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [3736]SetPoint.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [3736]SetPoint.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [3736]SetPoint.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [3780]fsguidll.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [3780]fsguidll.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [3780]fsguidll.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [3780]fsguidll.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [3780]fsguidll.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [3780]fsguidll.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [3780]fsguidll.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [3796]msmsgs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [3796]msmsgs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [3796]msmsgs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] 
[3796]msmsgs.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [3796]msmsgs.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [3796]msmsgs.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [3796]msmsgs.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [3916]realsched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [3916]realsched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [3916]realsched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [3916]realsched.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [3916]realsched.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [3916]realsched.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [3916]realsched.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [3944]NkbMonitor.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [3944]NkbMonitor.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [3944]NkbMonitor.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 
hook handler located in [unknown_code_page] [3944]NkbMonitor.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [3944]NkbMonitor.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [3944]NkbMonitor.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [3944]NkbMonitor.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [3980]SOUNDMAN.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [3980]SOUNDMAN.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [3980]SOUNDMAN.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [3980]SOUNDMAN.EXE-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [3980]SOUNDMAN.EXE-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [3980]SOUNDMAN.EXE-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [3980]SOUNDMAN.EXE-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [4068]LogitechDesktopMessenger.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [4068]LogitechDesktopMessenger.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] 
[4068]LogitechDesktopMessenger.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [4068]LogitechDesktopMessenger.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [4068]LogitechDesktopMessenger.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [4068]LogitechDesktopMessenger.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [4068]LogitechDesktopMessenger.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [444]pdservice.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [444]pdservice.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [444]pdservice.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [444]pdservice.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [444]pdservice.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [444]pdservice.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [444]pdservice.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [4740]KHALMNPR.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] 
[4740]KHALMNPR.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [4740]KHALMNPR.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [4740]KHALMNPR.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [4740]KHALMNPR.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [4740]KHALMNPR.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [4740]KHALMNPR.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [5324]ntvdm.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [5324]ntvdm.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [5324]ntvdm.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [5324]ntvdm.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [5324]ntvdm.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [5324]ntvdm.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [5324]ntvdm.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [5476]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in 
[SonyAIwd.dll] [5476]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [5476]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [5476]iexplore.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [5476]iexplore.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [5476]iexplore.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [5476]iexplore.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [5476]iexplore.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump at address 0x77AB61C1 hook handler located in [unknown_code_page] [5476]iexplore.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump at address 0x77B02BCC hook handler located in [unknown_code_page] [556]msimn.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [556]msimn.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [556]msimn.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [556]msimn.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [556]msimn.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [556]msimn.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook 
handler located in [unknown_code_page] [556]msimn.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [5588]WLLoginProxy.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [5588]WLLoginProxy.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [5588]WLLoginProxy.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page] [764]winlogon.exe-->ntdll.dll-->NtCreateSymbolicLinkObject, Type: Inline - RelativeJump at address 0x7C91D7D2 hook handler located in [unknown_code_page] [764]winlogon.exe-->ntdll.dll-->NtDeleteObjectAuditAlarm, Type: Inline - RelativeJump at address 0x7C91D8CE hook handler located in [unknown_code_page] [764]winlogon.exe-->ntdll.dll-->NtQueryDefaultUILanguage, Type: Inline - RelativeJump at address 0x7C91DF5E hook handler located in [unknown_code_page] [764]winlogon.exe-->ntdll.dll-->NtSetUuidSeed, Type: Inline - RelativeJump at address 0x7C91E7BC hook handler located in [unknown_code_page] [924]BTSTAC~1.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SonyAIwd.dll] [924]BTSTAC~1.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF6 hook handler located in [unknown_code_page] [924]BTSTAC~1.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH at address 0x7C801AF7 hook handler located in [unknown_code_page]