[Closed] System affected with Virus

Status
Not open for further replies.
K

keeth7

Posts: 23   +0
My system got infected with Virus and all the data has been lost. All the icons on my desktop have been disappeared. I gave a trial by following the steps posted for
UPDATED 6-step Viruses/Spyware/Malware Preliminary Removal Instructions

I followed all the given 6 steps thoroughly and obtained the following logs

It would be great if anyone can help me to get back the data and icons. Thanks!!!


here are the logs for Malwarebytes as follows


Malwarebytes' Anti-Malware 1.51.1.1800

Database version: 7450

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/12/2011 3:50:14 PM
mbam-log-2011-08-12 (15-50-14).txt

Scan type: Quick scan
Objects scanned: 176876
Time elapsed: 28 minute(s), 41 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\programdata\qulyhhruog.exe (Trojan.FakeAlert) -> 4104 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qulYhhRuoG (Trojan.FakeAlert) -> Value: qulYhhRuoG -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\qulyhhruog.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\p1kalmig2kb7fz.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\Sreenath\AppData\Local\Temp\tmpDCDE.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
System affected with virus

Log obtained from Gmer (first part of log):

GMER 1.0.15.15641 -
Rootkit scan 2011-08-16 23:00:59
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000069 ST916082 rev.3.BH
Running: ubz74szt.exe; Driver: C:\Users\Sreenath\AppData\Local\Temp\kxldipow.sys


---- System - GMER 1.0.15 ----

INT 0x83 ? 951A2CD0

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C40E340, 0x3ED9C7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\wininit.exe[624] kernel32.dll!CreateProcessW 76811BF3 5 Bytes JMP 5FF36E10 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!CreateProcessA 76811C28 5 Bytes JMP 5FF36CB4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!LoadLibraryExW 7683927C 7 Bytes JMP 5FF365E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!FreeLibrary 76853FA4 5 Bytes JMP 5FF369FC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!ExitProcess 768543F4 5 Bytes JMP 5FF368A0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!GetProcAddress 7685925B 5 Bytes JMP 5FF36744 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!CreateProcessAsUserA 7674CEB9 5 Bytes JMP 5FF37224 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!CreateProcessAsUserW 76761EE9 5 Bytes JMP 5FF370C8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!CreateProcessWithLogonW 767A80C1 5 Bytes JMP 5FF36F6C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\lsm.exe[820] kernel32.dll!CreateProcessW 76811BF3 7 Bytes JMP 5FF36E0F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\lsm.exe[820] kernel32.dll!CreateProcessA 76811C28 7 Bytes JMP 5FF36CB3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\lsm.exe[820] kernel32.dll!LoadLibraryExW 7683927C 7 Bytes JMP 5FF365E7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\lsm.exe[820] kernel32.dll!FreeLibrary 76853FA4 6 Bytes JMP 5FF369FB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\lsm.exe[820] kernel32.dll!ExitProcess 768543F4 7 Bytes JMP 5FF3689F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\lsm.exe[820] kernel32.dll!GetProcAddress 7685925B 6 Bytes JMP 5FF36743 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\lsm.exe[820] ADVAPI32.dll!CreateProcessAsUserA 7674CEB9 6 Bytes JMP 5FF37223 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\lsm.exe[820] ADVAPI32.dll!CreateProcessAsUserW 76761EE9 8 Bytes JMP 5FF370C7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\lsm.exe[820] ADVAPI32.dll!CreateProcessWithLogonW 767A80C1 8 Bytes JMP 5FF36F6B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\nvvsvc.exe[972] kernel32.dll!CreateProcessW + 2 76811BF5 5 Bytes JMP 5FF36E10 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\nvvsvc.exe[972] kernel32.dll!CreateProcessA + 2 76811C2A 5 Bytes JMP 5FF36CB4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\nvvsvc.exe[972] kernel32.dll!LoadLibraryExW 7683927C 7 Bytes JMP 5FF365E6 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\nvvsvc.exe[972] kernel32.dll!FreeLibrary + 2 76853FA6 7 Bytes JMP 5FF369FC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\nvvsvc.exe[972] kernel32.dll!ExitProcess + 1 768543F5 6 Bytes JMP 5FF3689F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\nvvsvc.exe[972] kernel32.dll!GetProcAddress + 2 7685925D 5 Bytes JMP 5FF36744 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\nvvsvc.exe[972] ADVAPI32.dll!CreateProcessAsUserA + 2 7674CEBB 7 Bytes JMP 5FF37224 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\nvvsvc.exe[972] ADVAPI32.dll!CreateProcessAsUserW + 2 76761EEB 6 Bytes JMP 5FF370C8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\nvvsvc.exe[972] ADVAPI32.dll!CreateProcessWithLogonW + 2 767A80C3 6 Bytes JMP 5FF36F6C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\nvvsvc.exe[972] SHELL32.dll!SHCreateProcessAsUserW 75E399C3 8 Bytes JMP 5FF3737E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\rundll32.exe[1556] kernel32.dll!CreateProcessW + 2 76811BF5 8 Bytes JMP 5FF36E0F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\rundll32.exe[1556] kernel32.dll!CreateProcessA + 2 76811C2A 8 Bytes JMP 5FF36CB3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\rundll32.exe[1556] kernel32.dll!LoadLibraryExW 7683927C 12 Bytes JMP 5FF365E5 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\rundll32.exe[1556] kernel32.dll!FreeLibrary + 2 76853FA6 7 Bytes JMP 5FF369FB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\rundll32.exe[1556] kernel32.dll!ExitProcess + 1 768543F5 11 Bytes JMP 5FF3689E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\rundll32.exe[1556] kernel32.dll!GetProcAddress + 2 7685925D 6 Bytes JMP 5FF36743 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\rundll32.exe[1556] ADVAPI32.dll!CreateProcessAsUserA + 2 7674CEBB 7 Bytes JMP 5FF37223 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\rundll32.exe[1556] ADVAPI32.dll!CreateProcessAsUserW + 2 76761EEB 6 Bytes JMP 5FF370C7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\rundll32.exe[1556] ADVAPI32.dll!CreateProcessWithLogonW + 2 767A80C3 6 Bytes JMP 5FF36F6B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\rundll32.exe[1556] SHELL32.dll!SHCreateProcessAsUserW 75E399C3 8 Bytes JMP 5FF3737D C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svcprs32.exe[2384] kernel32.dll!CreateProcessW + 2 76811BF5 5 Bytes JMP 5FF36E10 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svcprs32.exe[2384] kernel32.dll!CreateProcessA + 2 76811C2A 5 Bytes JMP 5FF36CB4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svcprs32.exe[2384] kernel32.dll!LoadLibraryExW 7683927C 7 Bytes JMP 5FF365E6 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svcprs32.exe[2384] kernel32.dll!FreeLibrary + 2 76853FA6 7 Bytes JMP 5FF369FC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svcprs32.exe[2384] kernel32.dll!ExitProcess + 1 768543F5 6 Bytes JMP 5FF3689F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svcprs32.exe[2384] kernel32.dll!GetProcAddress + 2 7685925D 5 Bytes JMP 5FF36744 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svcprs32.exe[2384] ADVAPI32.dll!CreateProcessAsUserA + 2 7674CEBB 7 Bytes JMP 5FF37224 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svcprs32.exe[2384] ADVAPI32.dll!CreateProcessAsUserW + 2 76761EEB 6 Bytes JMP 5FF370C8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svcprs32.exe[2384] ADVAPI32.dll!CreateProcessWithLogonW + 2 767A80C3 6 Bytes JMP 5FF36F6C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svcprs32.exe[2384] SHELL32.dll!SHCreateProcessAsUserW 75E399C3 8 Bytes JMP 5FF3737E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] kernel32.dll!TerminateProcess 768118EF 5 Bytes JMP 5FF3763C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] kernel32.dll!CreateProcessW 76811BF3 5 Bytes JMP 5FF36E10 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] kernel32.dll!CreateProcessA 76811C28 5 Bytes JMP 5FF36CB4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] kernel32.dll!WriteProcessMemory 76811CB8 5 Bytes JMP 5FF3C678 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] kernel32.dll!VirtualProtect 76811DC3 5 Bytes JMP 5FF3CBE8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] kernel32.dll!LoadLibraryExW 7683927C 7 Bytes JMP 5FF365E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] kernel32.dll!OpenThread 7683C8EC 5 Bytes JMP 5FF3D2B4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] kernel32.dll!VirtualProtectEx 7683DC52 5 Bytes JMP 5FF3CA8C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] kernel32.dll!FreeLibrary 76853FA4 5 Bytes JMP 5FF369FC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] kernel32.dll!ExitProcess 768543F4 5 Bytes JMP 5FF368A0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] kernel32.dll!TerminateThread 76854413 5 Bytes JMP 5FF37798 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] kernel32.dll!GetProcAddress 7685925B 5 Bytes JMP 5FF36744 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] kernel32.dll!VirtualAllocEx 7685AF1C 5 Bytes JMP 5FF3C930 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] kernel32.dll!CreateRemoteThread 7685CB55 5 Bytes JMP 5FF3C7D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] kernel32.dll!DebugActiveProcess 76899BC1 5 Bytes JMP 5FF3D410 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!StartServiceA 7674A24D 7 Bytes JMP 5FF39F08 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!CreateProcessAsUserA 7674CEB9 5 Bytes JMP 5FF37224 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!SetFileSecurityW 7674EBFE 5 Bytes JMP 5FF3BCF4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!SetSecurityInfo 76755894 5 Bytes JMP 5FF3C108 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!SetNamedSecurityInfoW 76755956 5 Bytes JMP 5FF3C3C0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!CreateProcessAsUserW 76761EE9 5 Bytes JMP 5FF370C8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!OpenSCManagerA 76762D93 7 Bytes JMP 5FF39584 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!OpenServiceA 76762EBD 7 Bytes JMP 5FF39AF4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!StartServiceW 76763E0B 7 Bytes JMP 5FF3A064 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!SetKernelObjectSecurity 76763ECE 5 Bytes JMP 5FF3BE50 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!QueryServiceStatusEx 76764FFE 7 Bytes JMP 5FF3A31C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!QueryServiceConfigW 767650A4 7 Bytes JMP 5FF3A730 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!QueryServiceConfigA 767651AD 7 Bytes JMP 5FF3A5D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!OpenSCManagerW 76767137 7 Bytes JMP 5FF396E0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!OpenServiceW 76768354 7 Bytes JMP 5FF39C50 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!QueryServiceStatus 7676842C 7 Bytes JMP 5FF3A1C0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!AdjustTokenPrivileges 767699CD 5 Bytes JMP 5FF3BA3C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!CreateServiceW 76789EB4 7 Bytes JMP 5FF39998 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!ControlService 76789FB8 7 Bytes JMP 5FF3A478 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!DeleteService 7678A07E 7 Bytes JMP 5FF39DAC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!EnumServicesStatusExA 7678B31B 7 Bytes JMP 5FF3B624 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!CreateProcessWithLogonW 767A80C1 5 Bytes JMP 5FF36F6C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!InitiateSystemShutdownW 767C1829 5 Bytes JMP 5FF3D828 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!InitiateSystemShutdownExW 767C18F1 5 Bytes JMP 5FF3DAE0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!AbortSystemShutdownW 767C1B12 5 Bytes JMP 5FF3DD98 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!EnumServicesStatusExW 767C6909 7 Bytes JMP 5FF3B780 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!EnumServicesStatusA 767C6B47 7 Bytes JMP 5FF3B36C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!SetServiceObjectSecurity 767C6CD9 7 Bytes JMP 5FF3BFAC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!ChangeServiceConfigA 767C6DD9 7 Bytes JMP 5FF3ADFC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!ChangeServiceConfigW 767C6F81 7 Bytes JMP 5FF3AF58 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!ChangeServiceConfig2A 767C7099 7 Bytes JMP 5FF3B0B4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!ChangeServiceConfig2W 767C71E1 7 Bytes JMP 5FF3B210 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!CreateServiceA 767C72A1 7 Bytes JMP 5FF3983C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!EnumDependentServicesA 767C7505 7 Bytes JMP 5FF3AB44 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!EnumDependentServicesW 767C75D9 7 Bytes JMP 5FF3ACA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!QueryServiceConfig2A 767C7891 7 Bytes JMP 5FF3A88C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!QueryServiceConfig2W 767C7A19 7 Bytes JMP 5FF3A9E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ADVAPI32.dll!EnumServicesStatusW 767C7F61 5 Bytes JMP 5FF3B4C8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!SetUserObjectSecurity 76C4280F 5 Bytes JMP 5FF3C51C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!SetWindowsHookExA 76C46322 5 Bytes JMP 5FF3CD44 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!BroadcastSystemMessageW 76C4813F 5 Bytes JMP 5FF38EB4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!SetWindowsHookExW 76C487AD 5 Bytes JMP 5FF3CEA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!SendNotifyMessageW 76C493D6 5 Bytes JMP 5FF38944 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!BroadcastSystemMessageExW 76C49419 5 Bytes JMP 5FF3916C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!PostThreadMessageA 76C4BD34 5 Bytes JMP 5FF37FC0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!PostMessageA 76C4F8F8 5 Bytes JMP 5FF37D08 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!SendMessageA 76C4F956 5 Bytes JMP 5FF37A50 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!SendMessageTimeoutW 76C5352D 5 Bytes JMP 5FF3868C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!SendMessageCallbackW 76C54570 5 Bytes JMP 5FF383D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!PostThreadMessageW 76C57C8E 5 Bytes JMP 5FF3811C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!PostMessageW 76C5A175 5 Bytes JMP 5FF37E64 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!SendMessageW 76C60AED 5 Bytes JMP 5FF37BAC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!SendDlgItemMessageA 76C6275B 5 Bytes JMP 5FF38AA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!OpenClipboard 76C6C31D 5 Bytes JMP 5FF3495C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!SendNotifyMessageA 76C6DFCF 5 Bytes JMP 5FF387E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!SendMessageTimeoutA 76C70006 5 Bytes JMP 5FF38530 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!SendDlgItemMessageW 76C70E38 5 Bytes JMP 5FF38BFC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!SetWindowsHookA 76C86249 5 Bytes JMP 5FF3CFFC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!SetWindowsHookW 76C86264 5 Bytes JMP 5FF3D158 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!EndTask 76C8AD32 5 Bytes JMP 5FF378F4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!ExitWindowsEx 76C8B7C3 5 Bytes JMP 5FF3DEF4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!BroadcastSystemMessageExA 76CA28E3 5 Bytes JMP 5FF39010 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!BroadcastSystemMessage 76CA290A 5 Bytes JMP 5FF38D58 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!SendMessageCallbackA 76CA2CA7 2 Bytes JMP 5FF38278 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] USER32.dll!SendMessageCallbackA + 3 76CA2CAA 2 Bytes [29, E9] {SUB ECX, EBP}
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] SHELL32.dll!SHCreateProcessAsUserW 75E399C3 8 Bytes JMP 5FF37380 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ole32.dll!CoGetClassObject 7595FAE8 1 Byte [E9]
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ole32.dll!CoGetClassObject 7595FAE8 5 Bytes JMP 5FF343EC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ole32.dll!CoCreateInstanceEx 75979F81 5 Bytes JMP 5FF34290 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ole32.dll!CoInitializeEx 7597ADFB 5 Bytes JMP 5FF34134 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ole32.dll!CoGetInstanceFromFile 759CC595 5 Bytes JMP 5FF34548 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MSASCui.exe[2552] ole32.dll!CoGetInstanceFromIStorage 759E87CD 5 Bytes JMP 5FF346A4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] kernel32.dll!TerminateProcess 768118EF 9 Bytes JMP 5FF3763B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] kernel32.dll!CreateProcessW 76811BF3 7 Bytes JMP 5FF36E0F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] kernel32.dll!CreateProcessA 76811C28 7 Bytes JMP 5FF36CB3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] kernel32.dll!WriteProcessMemory 76811CB8 6 Bytes JMP 5FF3C677 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] kernel32.dll!VirtualProtect 76811DC3 8 Bytes JMP 5FF3CBE7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] kernel32.dll!LoadLibraryExW 7683927C 7 Bytes JMP 5FF365E7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] kernel32.dll!OpenThread 7683C8EC 8 Bytes JMP 5FF3D2B3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] kernel32.dll!VirtualProtectEx 7683DC52 6 Bytes JMP 5FF3CA8B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] kernel32.dll!FreeLibrary 76853FA4 6 Bytes JMP 5FF369FB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] kernel32.dll!ExitProcess 768543F4 7 Bytes JMP 5FF3689F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] kernel32.dll!TerminateThread 76854413 8 Bytes JMP 5FF37797 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] kernel32.dll!GetProcAddress 7685925B 6 Bytes JMP 5FF36743 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] kernel32.dll!VirtualAllocEx 7685AF1C 6 Bytes JMP 5FF3C92F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] kernel32.dll!CreateRemoteThread 7685CB55 10 Bytes JMP 5FF3C7D3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] kernel32.dll!DebugActiveProcess 76899BC1 10 Bytes JMP 5FF3D40F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!StartServiceA 7674A24D 7 Bytes JMP 5FF39F07 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!CreateProcessAsUserA 7674CEB9 6 Bytes JMP 5FF37223 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!SetFileSecurityW 7674EBFE 8 Bytes JMP 5FF3BCF3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!SetSecurityInfo 76755894 8 Bytes JMP 5FF3C107 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!SetNamedSecurityInfoW 76755956 8 Bytes JMP 5FF3C3BF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!CreateProcessAsUserW 76761EE9 8 Bytes JMP 5FF370C7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!OpenSCManagerA 76762D93 7 Bytes JMP 5FF39583 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!OpenServiceA 76762EBD 7 Bytes JMP 5FF39AF3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!StartServiceW 76763E0B 7 Bytes JMP 5FF3A063 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!SetKernelObjectSecurity 76763ECE 8 Bytes JMP 5FF3BE4F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!QueryServiceStatusEx 76764FFE 7 Bytes JMP 5FF3A31B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!QueryServiceConfigW 767650A4 7 Bytes JMP 5FF3A72F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!QueryServiceConfigA 767651AD 7 Bytes JMP 5FF3A5D3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!OpenSCManagerW 76767137 7 Bytes JMP 5FF396DF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!OpenServiceW 76768354 7 Bytes JMP 5FF39C4F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!QueryServiceStatus 7676842C 7 Bytes JMP 5FF3A1BF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!AdjustTokenPrivileges 767699CD 6 Bytes JMP 5FF3BA3B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!CreateServiceW 76789EB4 7 Bytes JMP 5FF39997 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!ControlService 76789FB8 7 Bytes JMP 5FF3A477 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!DeleteService 7678A07E 7 Bytes JMP 5FF39DAB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!EnumServicesStatusExA 7678B31B 7 Bytes JMP 5FF3B623 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!CreateProcessWithLogonW 767A80C1 8 Bytes JMP 5FF36F6B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!InitiateSystemShutdownW 767C1829 8 Bytes JMP 5FF3D827 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!InitiateSystemShutdownExW 767C18F1 8 Bytes JMP 5FF3DADF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!AbortSystemShutdownW 767C1B12 6 Bytes JMP 5FF3DD97 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!EnumServicesStatusExW 767C6909 7 Bytes JMP 5FF3B77F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!EnumServicesStatusA 767C6B47 7 Bytes JMP 5FF3B36B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 767C6CD9 7 Bytes JMP 5FF3BFAB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 767C6DD9 7 Bytes JMP 5FF3ADFB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 767C6F81 7 Bytes JMP 5FF3AF57 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 767C7099 7 Bytes JMP 5FF3B0B3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 767C71E1 7 Bytes JMP 5FF3B20F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!CreateServiceA 767C72A1 7 Bytes JMP 5FF3983B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!EnumDependentServicesA 767C7505 7 Bytes JMP 5FF3AB43 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!EnumDependentServicesW 767C75D9 7 Bytes JMP 5FF3AC9F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!QueryServiceConfig2A 767C7891 7 Bytes JMP 5FF3A88B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!QueryServiceConfig2W 767C7A19 7 Bytes JMP 5FF3A9E7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ADVAPI32.dll!EnumServicesStatusW 767C7F61 7 Bytes JMP 5FF3B4C7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!SetUserObjectSecurity + 2 76C42811 6 Bytes JMP 5FF3C51C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!SetWindowsHookExA + 2 76C46324 5 Bytes JMP 5FF3CD44 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!BroadcastSystemMessageW + 2 76C48141 5 Bytes JMP 5FF38EB4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!SetWindowsHookExW + 2 76C487AF 5 Bytes JMP 5FF3CEA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!SendNotifyMessageW + 2 76C493D8 6 Bytes JMP 5FF38944 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!BroadcastSystemMessageExW + 2 76C4941B 5 Bytes JMP 5FF3916C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!PostThreadMessageA + 2 76C4BD36 5 Bytes JMP 5FF37FC0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!PostThreadMessageA + 8 76C4BD3C 2 Bytes JMP 6D554DD1
 
System affected with virus

Second part of Gmer log:

.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!PostMessageA + 2 76C4F8FA 5 Bytes JMP 5FF37D08 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!SendMessageA + 2 76C4F958 7 Bytes JMP 5FF37A50 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!SendMessageTimeoutW + 2 76C5352F 5 Bytes JMP 5FF3868C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!SendMessageCallbackW + 2 76C54572 5 Bytes JMP 5FF383D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!PostThreadMessageW 76C57C8E 5 Bytes JMP 5FF3811C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!PostMessageW + 2 76C5A177 6 Bytes JMP 5FF37E64 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!SendMessageW + 2 76C60AEF 7 Bytes JMP 5FF37BAC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!SendDlgItemMessageA + 2 76C6275D 7 Bytes JMP 5FF38AA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!OpenClipboard + 2 76C6C31F 7 Bytes JMP 5FF3495C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!SendNotifyMessageA + 2 76C6DFD1 6 Bytes JMP 5FF387E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!SendMessageTimeoutA + 2 76C70008 5 Bytes JMP 5FF38530 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!SendDlgItemMessageW + 2 76C70E3A 7 Bytes JMP 5FF38BFC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!SetWindowsHookA + 2 76C8624B 5 Bytes JMP 5FF3CFFC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!SetWindowsHookW + 2 76C86266 5 Bytes JMP 5FF3D158 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!EndTask + 2 76C8AD34 6 Bytes JMP 5FF378F4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!ExitWindowsEx + 2 76C8B7C5 6 Bytes JMP 5FF3DEF4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!BroadcastSystemMessageExA + 2 76CA28E5 5 Bytes JMP 5FF39010 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!BroadcastSystemMessage + 2 76CA290C 5 Bytes JMP 5FF38D58 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] USER32.dll!SendMessageCallbackA + 2 76CA2CA9 5 Bytes JMP 5FF38278 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ole32.dll!CoGetClassObject + 2 7595FAEA 8 Bytes JMP 5FF343EC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ole32.dll!CoCreateInstanceEx + 2 75979F83 7 Bytes JMP 5FF34290 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ole32.dll!CoInitializeEx + 2 7597ADFD 5 Bytes JMP 5FF34134 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ole32.dll!CoGetInstanceFromFile + 2 759CC597 8 Bytes JMP 5FF34548 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\Dwm.exe[2856] ole32.dll!CoGetInstanceFromIStorage + 2 759E87CF 8 Bytes JMP 5FF346A4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] kernel32.dll!TerminateProcess + 2 768118F1 7 Bytes JMP 5FF3763B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] kernel32.dll!CreateProcessW + 2 76811BF5 8 Bytes JMP 5FF36E0F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] kernel32.dll!CreateProcessA + 2 76811C2A 8 Bytes JMP 5FF36CB3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] kernel32.dll!WriteProcessMemory 76811CB8 5 Bytes JMP 5FF3C678 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] kernel32.dll!VirtualProtect + 2 76811DC5 6 Bytes JMP 5FF3CBE7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] kernel32.dll!LoadLibraryExW 7683927C 12 Bytes JMP 5FF365E5 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] kernel32.dll!OpenThread + 2 7683C8EE 6 Bytes JMP 5FF3D2B3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] kernel32.dll!VirtualProtectEx + 2 7683DC54 10 Bytes JMP 5FF3CA8B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] kernel32.dll!FreeLibrary + 2 76853FA6 7 Bytes JMP 5FF369FB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] kernel32.dll!ExitProcess + 1 768543F5 11 Bytes JMP 5FF3689E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] kernel32.dll!TerminateThread + 2 76854415 6 Bytes JMP 5FF37797 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] kernel32.dll!GetProcAddress + 2 7685925D 6 Bytes JMP 5FF36743 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] kernel32.dll!VirtualAllocEx + 2 7685AF1E 7 Bytes JMP 5FF3C92F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] kernel32.dll!CreateRemoteThread 7685CB55 10 Bytes JMP 5FF3C7D1 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] kernel32.dll!DebugActiveProcess + 2 76899BC3 8 Bytes JMP 5FF3D40F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!StartServiceA 7674A24D 12 Bytes JMP 5FF39F05 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!CreateProcessAsUserA + 2 7674CEBB 7 Bytes JMP 5FF37224 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!SetFileSecurityW + 2 7674EC00 6 Bytes JMP 5FF3BCF3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!SetSecurityInfo + 2 76755896 6 Bytes JMP 5FF3C107 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!SetNamedSecurityInfoW + 2 76755958 6 Bytes JMP 5FF3C3BF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!CreateProcessAsUserW + 2 76761EEB 6 Bytes JMP 5FF370C8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!OpenSCManagerA 76762D93 12 Bytes JMP 5FF39581 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!OpenServiceA 76762EBD 4 Bytes [8B, FF, 90, E9]
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!OpenServiceA + 5 76762EC2 7 Bytes JMP 0706BF57
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!StartServiceW 76763E0B 12 Bytes JMP 5FF3A061 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!SetKernelObjectSecurity + 2 76763ED0 6 Bytes JMP 5FF3BE4F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!QueryServiceStatusEx 76764FFE 12 Bytes JMP 5FF3A319 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!QueryServiceConfigW 767650A4 12 Bytes JMP 5FF3A72D C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!QueryServiceConfigA 767651AD 12 Bytes JMP 5FF3A5D1 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!OpenSCManagerW 76767137 12 Bytes JMP 5FF396DD C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!OpenServiceW 76768354 12 Bytes JMP 5FF39C4D C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!QueryServiceStatus 7676842C 12 Bytes JMP 5FF3A1BD C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!AdjustTokenPrivileges + 2 767699CF 7 Bytes JMP 5FF3BA3C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!CreateServiceW 76789EB4 7 Bytes JMP 5FF39996 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!ControlService 76789FB8 7 Bytes JMP 5FF3A476 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!DeleteService 7678A07E 7 Bytes JMP 5FF39DAA C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!EnumServicesStatusExA 7678B31B 7 Bytes JMP 5FF3B622 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!CreateProcessWithLogonW + 2 767A80C3 6 Bytes JMP 5FF36F6C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!InitiateSystemShutdownW + 2 767C182B 6 Bytes JMP 5FF3D827 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!InitiateSystemShutdownExW + 2 767C18F3 6 Bytes JMP 5FF3DADF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!AbortSystemShutdownW + 2 767C1B14 7 Bytes JMP 5FF3DD98 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!EnumServicesStatusExW 767C6909 7 Bytes JMP 5FF3B77E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!EnumServicesStatusA 767C6B47 7 Bytes JMP 5FF3B36A C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!SetServiceObjectSecurity 767C6CD9 12 Bytes JMP 5FF3BFA9 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!ChangeServiceConfigA 767C6DD9 7 Bytes JMP 5FF3ADFA C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!ChangeServiceConfigW 767C6F81 7 Bytes JMP 5FF3AF56 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!ChangeServiceConfig2A 767C7099 7 Bytes JMP 5FF3B0B2 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!ChangeServiceConfig2W 767C71E1 7 Bytes JMP 5FF3B20E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!CreateServiceA 767C72A1 7 Bytes JMP 5FF3983A C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!EnumDependentServicesA 767C7505 7 Bytes JMP 5FF3AB42 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!EnumDependentServicesW 767C75D9 7 Bytes JMP 5FF3AC9E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!QueryServiceConfig2A 767C7891 12 Bytes JMP 5FF3A889 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!QueryServiceConfig2W 767C7A19 12 Bytes JMP 5FF3A9E5 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ADVAPI32.dll!EnumServicesStatusW + 2 767C7F63 5 Bytes JMP 5FF3B4C8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!SetUserObjectSecurity 76C4280F 5 Bytes JMP 5FF3C51C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!SetWindowsHookExA 76C46322 5 Bytes JMP 5FF3CD44 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!BroadcastSystemMessageW 76C4813F 5 Bytes JMP 5FF38EB4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!SetWindowsHookExW 76C487AD 5 Bytes JMP 5FF3CEA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!SendNotifyMessageW 76C493D6 5 Bytes JMP 5FF38944 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!BroadcastSystemMessageExW 76C49419 5 Bytes JMP 5FF3916C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!PostThreadMessageA 76C4BD34 5 Bytes JMP 5FF37FC0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!PostMessageA 76C4F8F8 5 Bytes JMP 5FF37D08 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!SendMessageA 76C4F956 5 Bytes JMP 5FF37A50 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!SendMessageTimeoutW 76C5352D 5 Bytes JMP 5FF3868C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!SendMessageCallbackW 76C54570 5 Bytes JMP 5FF383D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!PostThreadMessageW 76C57C8E 5 Bytes JMP 5FF3811C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!PostMessageW 76C5A175 5 Bytes JMP 5FF37E64 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!SendMessageW 76C60AED 5 Bytes JMP 5FF37BAC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!SendDlgItemMessageA 76C6275B 5 Bytes JMP 5FF38AA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!OpenClipboard 76C6C31D 5 Bytes JMP 5FF3495C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!SendNotifyMessageA 76C6DFCF 5 Bytes JMP 5FF387E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!SendMessageTimeoutA 76C70006 5 Bytes JMP 5FF38530 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!SendDlgItemMessageW 76C70E38 5 Bytes JMP 5FF38BFC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!SetWindowsHookA 76C86249 5 Bytes JMP 5FF3CFFC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!SetWindowsHookW 76C86264 5 Bytes JMP 5FF3D158 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!EndTask 76C8AD32 5 Bytes JMP 5FF378F4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!ExitWindowsEx 76C8B7C3 5 Bytes JMP 5FF3DEF4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!BroadcastSystemMessageExA 76CA28E3 5 Bytes JMP 5FF39010 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!BroadcastSystemMessage 76CA290A 5 Bytes JMP 5FF38D58 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!SendMessageCallbackA 76CA2CA7 2 Bytes JMP 5FF38278 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] USER32.dll!SendMessageCallbackA + 3 76CA2CAA 2 Bytes [29, E9] {SUB ECX, EBP}
.text C:\Windows\Explorer.EXE[2968] SHELL32.dll!SHCreateProcessAsUserW 75E399C3 8 Bytes JMP 5FF37380 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ole32.dll!CoGetClassObject 7595FAE8 1 Byte [E9]
.text C:\Windows\Explorer.EXE[2968] ole32.dll!CoGetClassObject 7595FAE8 5 Bytes JMP 5FF343EC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ole32.dll!CoCreateInstanceEx 75979F81 5 Bytes JMP 5FF34290 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ole32.dll!CoInitializeEx 7597ADFB 5 Bytes JMP 5FF34134 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ole32.dll!CoGetInstanceFromFile 759CC595 5 Bytes JMP 5FF34548 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\Explorer.EXE[2968] ole32.dll!CoGetInstanceFromIStorage 759E87CD 5 Bytes JMP 5FF346A4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[3484] kernel32.dll!CreateProcessW + 2 76811BF5 8 Bytes JMP 5FF36E0F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[3484] kernel32.dll!CreateProcessA + 2 76811C2A 8 Bytes JMP 5FF36CB3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[3484] kernel32.dll!LoadLibraryExW 7683927C 12 Bytes JMP 5FF365E5 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[3484] kernel32.dll!FreeLibrary + 2 76853FA6 7 Bytes JMP 5FF369FB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[3484] kernel32.dll!ExitProcess + 1 768543F5 11 Bytes JMP 5FF3689E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[3484] kernel32.dll!GetProcAddress + 2 7685925D 6 Bytes JMP 5FF36743 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[3484] ADVAPI32.dll!CreateProcessAsUserA + 2 7674CEBB 7 Bytes JMP 5FF37223 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[3484] ADVAPI32.dll!CreateProcessAsUserW + 2 76761EEB 6 Bytes JMP 5FF370C7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[3484] ADVAPI32.dll!CreateProcessWithLogonW + 2 767A80C3 6 Bytes JMP 5FF36F6B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\mdmcls32.exe[3644] kernel32.dll!CreateProcessW + 2 76811BF5 8 Bytes JMP 5FF36E0F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\mdmcls32.exe[3644] kernel32.dll!CreateProcessA + 2 76811C2A 8 Bytes JMP 5FF36CB3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\mdmcls32.exe[3644] kernel32.dll!LoadLibraryExW 7683927C 12 Bytes JMP 5FF365E5 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\mdmcls32.exe[3644] kernel32.dll!FreeLibrary + 2 76853FA6 7 Bytes JMP 5FF369FB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\mdmcls32.exe[3644] kernel32.dll!ExitProcess + 1 768543F5 11 Bytes JMP 5FF3689E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\mdmcls32.exe[3644] kernel32.dll!GetProcAddress + 2 7685925D 6 Bytes JMP 5FF36743 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\mdmcls32.exe[3644] ADVAPI32.dll!CreateProcessAsUserA + 2 7674CEBB 7 Bytes JMP 5FF37223 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\mdmcls32.exe[3644] ADVAPI32.dll!CreateProcessAsUserW + 2 76761EEB 6 Bytes JMP 5FF370C7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\mdmcls32.exe[3644] ADVAPI32.dll!CreateProcessWithLogonW + 2 767A80C3 6 Bytes JMP 5FF36F6B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\mdmcls32.exe[3644] SHELL32.dll!SHCreateProcessAsUserW 75E399C3 8 Bytes JMP 5FF3737D C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\SearchIndexer.exe[3952] kernel32.dll!CreateProcessW + 2 76811BF5 5 Bytes JMP 5FF36E10 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\SearchIndexer.exe[3952] kernel32.dll!CreateProcessA + 2 76811C2A 5 Bytes JMP 5FF36CB4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\SearchIndexer.exe[3952] kernel32.dll!LoadLibraryExW 7683927C 7 Bytes JMP 5FF365E6 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\SearchIndexer.exe[3952] kernel32.dll!FreeLibrary + 2 76853FA6 7 Bytes JMP 5FF369FC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\SearchIndexer.exe[3952] kernel32.dll!ExitProcess + 1 768543F5 6 Bytes JMP 5FF3689F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\SearchIndexer.exe[3952] kernel32.dll!GetProcAddress + 2 7685925D 5 Bytes JMP 5FF36744 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\SearchIndexer.exe[3952] ADVAPI32.dll!CreateProcessAsUserA + 2 7674CEBB 7 Bytes JMP 5FF37224 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\SearchIndexer.exe[3952] ADVAPI32.dll!CreateProcessAsUserW + 2 76761EEB 6 Bytes JMP 5FF370C8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\SearchIndexer.exe[3952] ADVAPI32.dll!CreateProcessWithLogonW + 2 767A80C3 6 Bytes JMP 5FF36F6C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\SearchIndexer.exe[3952] SHELL32.dll!SHCreateProcessAsUserW 75E399C3 8 Bytes JMP 5FF3737E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] kernel32.dll!TerminateProcess 768118EF 5 Bytes JMP 5FF3763C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] kernel32.dll!CreateProcessW 76811BF3 5 Bytes JMP 5FF36E10 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] kernel32.dll!CreateProcessA 76811C28 5 Bytes JMP 5FF36CB4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] kernel32.dll!WriteProcessMemory 76811CB8 5 Bytes JMP 5FF3C678 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] kernel32.dll!VirtualProtect 76811DC3 5 Bytes JMP 5FF3CBE8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] kernel32.dll!LoadLibraryExW 7683927C 7 Bytes JMP 5FF365E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] kernel32.dll!OpenThread 7683C8EC 5 Bytes JMP 5FF3D2B4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] kernel32.dll!VirtualProtectEx 7683DC52 5 Bytes JMP 5FF3CA8C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] kernel32.dll!FreeLibrary 76853FA4 5 Bytes JMP 5FF369FC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] kernel32.dll!ExitProcess 768543F4 5 Bytes JMP 5FF368A0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] kernel32.dll!TerminateThread 76854413 5 Bytes JMP 5FF37798 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] kernel32.dll!GetProcAddress 7685925B 5 Bytes JMP 5FF36744 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] kernel32.dll!VirtualAllocEx 7685AF1C 5 Bytes JMP 5FF3C930 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] kernel32.dll!CreateRemoteThread 7685CB55 5 Bytes JMP 5FF3C7D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] kernel32.dll!DebugActiveProcess 76899BC1 5 Bytes JMP 5FF3D410 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!SetUserObjectSecurity 76C4280F 5 Bytes JMP 5FF3C51C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!SetWindowsHookExA 76C46322 5 Bytes JMP 5FF3CD44 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!BroadcastSystemMessageW 76C4813F 5 Bytes JMP 5FF38EB4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!SetWindowsHookExW 76C487AD 5 Bytes JMP 5FF3CEA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!SendNotifyMessageW 76C493D6 5 Bytes JMP 5FF38944 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!BroadcastSystemMessageExW 76C49419 5 Bytes JMP 5FF3916C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!PostThreadMessageA 76C4BD34 5 Bytes JMP 5FF37FC0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!PostMessageA 76C4F8F8 5 Bytes JMP 5FF37D08 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!SendMessageA 76C4F956 5 Bytes JMP 5FF37A50 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!SendMessageTimeoutW 76C5352D 5 Bytes JMP 5FF3868C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!SendMessageCallbackW 76C54570 5 Bytes JMP 5FF383D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!PostThreadMessageW 76C57C8E 5 Bytes JMP 5FF3811C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!PostMessageW 76C5A175 5 Bytes JMP 5FF37E64 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!SendMessageW 76C60AED 5 Bytes JMP 5FF37BAC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!SendDlgItemMessageA 76C6275B 5 Bytes JMP 5FF38AA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!OpenClipboard 76C6C31D 5 Bytes JMP 5FF3495C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!SendNotifyMessageA 76C6DFCF 5 Bytes JMP 5FF387E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!SendMessageTimeoutA 76C70006 5 Bytes JMP 5FF38530 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!SendDlgItemMessageW 76C70E38 5 Bytes JMP 5FF38BFC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!SetWindowsHookA 76C86249 5 Bytes JMP 5FF3CFFC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!SetWindowsHookW 76C86264 5 Bytes JMP 5FF3D158 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!EndTask 76C8AD32 5 Bytes JMP 5FF378F4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!ExitWindowsEx 76C8B7C3 5 Bytes JMP 5FF3DEF4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!BroadcastSystemMessageExA 76CA28E3 5 Bytes JMP 5FF39010 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!BroadcastSystemMessage 76CA290A 5 Bytes JMP 5FF38D58 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!SendMessageCallbackA 76CA2CA7 2 Bytes JMP 5FF38278 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] USER32.dll!SendMessageCallbackA + 3 76CA2CAA 2 Bytes [29, E9] {SUB ECX, EBP}
 
System affected with virus

Third part of GMER Log:



.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!StartServiceA 7674A24D 7 Bytes JMP 5FF39F08 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!CreateProcessAsUserA 7674CEB9 5 Bytes JMP 5FF37224 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!SetFileSecurityW 7674EBFE 5 Bytes JMP 5FF3BCF4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!SetSecurityInfo 76755894 5 Bytes JMP 5FF3C108 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!SetNamedSecurityInfoW 76755956 5 Bytes JMP 5FF3C3C0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!CreateProcessAsUserW 76761EE9 5 Bytes JMP 5FF370C8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!OpenSCManagerA 76762D93 7 Bytes JMP 5FF39584 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!OpenServiceA 76762EBD 7 Bytes JMP 5FF39AF4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!StartServiceW 76763E0B 7 Bytes JMP 5FF3A064 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!SetKernelObjectSecurity 76763ECE 5 Bytes JMP 5FF3BE50 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!QueryServiceStatusEx 76764FFE 7 Bytes JMP 5FF3A31C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!QueryServiceConfigW 767650A4 7 Bytes JMP 5FF3A730 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!QueryServiceConfigA 767651AD 7 Bytes JMP 5FF3A5D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!OpenSCManagerW 76767137 7 Bytes JMP 5FF396E0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!OpenServiceW 76768354 7 Bytes JMP 5FF39C50 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!QueryServiceStatus 7676842C 7 Bytes JMP 5FF3A1C0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!AdjustTokenPrivileges 767699CD 5 Bytes JMP 5FF3BA3C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!CreateServiceW 76789EB4 7 Bytes JMP 5FF39998 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!ControlService 76789FB8 7 Bytes JMP 5FF3A478 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!DeleteService 7678A07E 7 Bytes JMP 5FF39DAC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!EnumServicesStatusExA 7678B31B 7 Bytes JMP 5FF3B624 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!CreateProcessWithLogonW 767A80C1 5 Bytes JMP 5FF36F6C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!InitiateSystemShutdownW 767C1829 5 Bytes JMP 5FF3D828 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!InitiateSystemShutdownExW 767C18F1 5 Bytes JMP 5FF3DAE0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!AbortSystemShutdownW 767C1B12 5 Bytes JMP 5FF3DD98 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!EnumServicesStatusExW 767C6909 7 Bytes JMP 5FF3B780 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!EnumServicesStatusA 767C6B47 7 Bytes JMP 5FF3B36C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!SetServiceObjectSecurity 767C6CD9 7 Bytes JMP 5FF3BFAC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!ChangeServiceConfigA 767C6DD9 7 Bytes JMP 5FF3ADFC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!ChangeServiceConfigW 767C6F81 7 Bytes JMP 5FF3AF58 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!ChangeServiceConfig2A 767C7099 7 Bytes JMP 5FF3B0B4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!ChangeServiceConfig2W 767C71E1 7 Bytes JMP 5FF3B210 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!CreateServiceA 767C72A1 7 Bytes JMP 5FF3983C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!EnumDependentServicesA 767C7505 7 Bytes JMP 5FF3AB44 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!EnumDependentServicesW 767C75D9 7 Bytes JMP 5FF3ACA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!QueryServiceConfig2A 767C7891 7 Bytes JMP 5FF3A88C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!QueryServiceConfig2W 767C7A19 7 Bytes JMP 5FF3A9E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ADVAPI32.dll!EnumServicesStatusW 767C7F61 5 Bytes JMP 5FF3B4C8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ole32.dll!CoGetClassObject 7595FAE8 1 Byte [E9]
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ole32.dll!CoGetClassObject 7595FAE8 5 Bytes JMP 5FF343EC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ole32.dll!CoCreateInstanceEx 75979F81 5 Bytes JMP 5FF34290 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ole32.dll!CoInitializeEx 7597ADFB 5 Bytes JMP 5FF34134 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ole32.dll!CoGetInstanceFromFile 759CC595 5 Bytes JMP 5FF34548 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] ole32.dll!CoGetInstanceFromIStorage 759E87CD 5 Bytes JMP 5FF346A4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] SHELL32.dll!SHCreateProcessAsUserW 75E399C3 8 Bytes JMP 5FF3737D C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] kernel32.dll!TerminateProcess 768118EF 9 Bytes JMP 5FF3763B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] kernel32.dll!CreateProcessW 76811BF3 7 Bytes JMP 5FF36E0F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] kernel32.dll!CreateProcessA 76811C28 7 Bytes JMP 5FF36CB3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] kernel32.dll!WriteProcessMemory 76811CB8 6 Bytes JMP 5FF3C677 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] kernel32.dll!VirtualProtect 76811DC3 8 Bytes JMP 5FF3CBE7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] kernel32.dll!LoadLibraryExW 7683927C 7 Bytes JMP 5FF365E7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] kernel32.dll!OpenThread 7683C8EC 8 Bytes JMP 5FF3D2B3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] kernel32.dll!VirtualProtectEx 7683DC52 6 Bytes JMP 5FF3CA8B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] kernel32.dll!FreeLibrary 76853FA4 6 Bytes JMP 5FF369FB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] kernel32.dll!ExitProcess 768543F4 7 Bytes JMP 5FF3689F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] kernel32.dll!TerminateThread 76854413 8 Bytes JMP 5FF37797 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] kernel32.dll!GetProcAddress 7685925B 6 Bytes JMP 5FF36743 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] kernel32.dll!VirtualAllocEx 7685AF1C 6 Bytes JMP 5FF3C92F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] kernel32.dll!CreateRemoteThread 7685CB55 10 Bytes JMP 5FF3C7D3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] kernel32.dll!DebugActiveProcess 76899BC1 10 Bytes JMP 5FF3D40F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!SetUserObjectSecurity 76C4280F 8 Bytes JMP 5FF3C51B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!SetWindowsHookExA 76C46322 7 Bytes JMP 5FF3CD43 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!BroadcastSystemMessageW 76C4813F 7 Bytes JMP 5FF38EB3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!SetWindowsHookExW 76C487AD 7 Bytes JMP 5FF3CE9F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!SendNotifyMessageW 76C493D6 8 Bytes JMP 5FF38943 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!BroadcastSystemMessageExW 76C49419 7 Bytes JMP 5FF3916B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!PostThreadMessageA 76C4BD34 7 Bytes JMP 5FF37FBF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!PostThreadMessageA + 8 76C4BD3C 2 Bytes [90, 90] {NOP ; NOP }
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!PostMessageA 76C4F8F8 6 Bytes JMP 5FF37D07 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!SendMessageA 76C4F956 6 Bytes JMP 5FF37A4F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!SendMessageTimeoutW 76C5352D 7 Bytes JMP 5FF3868B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!SendMessageCallbackW 76C54570 6 Bytes JMP 5FF383D3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!PostThreadMessageW 76C57C8E 6 Bytes JMP 5FF3811B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!PostMessageW 76C5A175 8 Bytes JMP 5FF37E63 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!SendMessageW 76C60AED 6 Bytes JMP 5FF37BAB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!SendDlgItemMessageA 76C6275B 9 Bytes JMP 5FF38A9F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!OpenClipboard 76C6C31D 6 Bytes JMP 5FF3495B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!SendNotifyMessageA 76C6DFCF 8 Bytes JMP 5FF387E7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!SendMessageTimeoutA 76C70006 7 Bytes JMP 5FF3852F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!SendDlgItemMessageW 76C70E38 9 Bytes JMP 5FF38BFB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!SetWindowsHookA 76C86249 7 Bytes JMP 5FF3CFFB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!SetWindowsHookW 76C86264 7 Bytes JMP 5FF3D157 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!EndTask 76C8AD32 8 Bytes JMP 5FF378F3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!ExitWindowsEx 76C8B7C3 8 Bytes JMP 5FF3DEF3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!BroadcastSystemMessageExA 76CA28E3 7 Bytes JMP 5FF3900F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!BroadcastSystemMessage 76CA290A 7 Bytes JMP 5FF38D57 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] USER32.dll!SendMessageCallbackA 76CA2CA7 6 Bytes JMP 5FF38277 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!StartServiceA 7674A24D 7 Bytes JMP 5FF39F07 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!CreateProcessAsUserA 7674CEB9 6 Bytes JMP 5FF37223 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!SetFileSecurityW 7674EBFE 8 Bytes JMP 5FF3BCF3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!SetSecurityInfo 76755894 8 Bytes JMP 5FF3C107 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!SetNamedSecurityInfoW 76755956 8 Bytes JMP 5FF3C3BF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!CreateProcessAsUserW 76761EE9 8 Bytes JMP 5FF370C7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!OpenSCManagerA 76762D93 7 Bytes JMP 5FF39583 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!OpenServiceA 76762EBD 7 Bytes JMP 5FF39AF3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!StartServiceW 76763E0B 7 Bytes JMP 5FF3A063 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!SetKernelObjectSecurity 76763ECE 8 Bytes JMP 5FF3BE4F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!QueryServiceStatusEx 76764FFE 7 Bytes JMP 5FF3A31B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!QueryServiceConfigW 767650A4 7 Bytes JMP 5FF3A72F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!QueryServiceConfigA 767651AD 7 Bytes JMP 5FF3A5D3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!OpenSCManagerW 76767137 7 Bytes JMP 5FF396DF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!OpenServiceW 76768354 7 Bytes JMP 5FF39C4F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!QueryServiceStatus 7676842C 7 Bytes JMP 5FF3A1BF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!AdjustTokenPrivileges 767699CD 6 Bytes JMP 5FF3BA3B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!CreateServiceW 76789EB4 7 Bytes JMP 5FF39997 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!ControlService 76789FB8 7 Bytes JMP 5FF3A477 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!DeleteService 7678A07E 7 Bytes JMP 5FF39DAB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!EnumServicesStatusExA 7678B31B 7 Bytes JMP 5FF3B623 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!CreateProcessWithLogonW 767A80C1 8 Bytes JMP 5FF36F6B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!InitiateSystemShutdownW 767C1829 8 Bytes JMP 5FF3D827 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!InitiateSystemShutdownExW 767C18F1 8 Bytes JMP 5FF3DADF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!AbortSystemShutdownW 767C1B12 6 Bytes JMP 5FF3DD97 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!EnumServicesStatusExW 767C6909 7 Bytes JMP 5FF3B77F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!EnumServicesStatusA 767C6B47 7 Bytes JMP 5FF3B36B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!SetServiceObjectSecurity 767C6CD9 7 Bytes JMP 5FF3BFAB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!ChangeServiceConfigA 767C6DD9 7 Bytes JMP 5FF3ADFB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!ChangeServiceConfigW 767C6F81 7 Bytes JMP 5FF3AF57 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!ChangeServiceConfig2A 767C7099 7 Bytes JMP 5FF3B0B3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!ChangeServiceConfig2W 767C71E1 7 Bytes JMP 5FF3B20F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!CreateServiceA 767C72A1 7 Bytes JMP 5FF3983B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!EnumDependentServicesA 767C7505 7 Bytes JMP 5FF3AB43 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!EnumDependentServicesW 767C75D9 7 Bytes JMP 5FF3AC9F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!QueryServiceConfig2A 767C7891 7 Bytes JMP 5FF3A88B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!QueryServiceConfig2W 767C7A19 7 Bytes JMP 5FF3A9E7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ADVAPI32.dll!EnumServicesStatusW 767C7F61 7 Bytes JMP 5FF3B4C7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] SHELL32.dll!SHCreateProcessAsUserW 75E399C3 8 Bytes JMP 5FF3737F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ole32.dll!CoGetClassObject 7595FAE8 10 Bytes JMP 5FF343EB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ole32.dll!CoCreateInstanceEx 75979F81 6 Bytes JMP 5FF3428F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ole32.dll!CoInitializeEx 7597ADFB 6 Bytes JMP 5FF34133 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ole32.dll!CoGetInstanceFromFile 759CC595 10 Bytes JMP 5FF34547 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\rundll32.exe[4256] ole32.dll!CoGetInstanceFromIStorage 759E87CD 10 Bytes JMP 5FF346A3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4364] kernel32.dll!CreateProcessW 76811BF3 7 Bytes JMP 5FF36E0F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4364] kernel32.dll!CreateProcessA 76811C28 7 Bytes JMP 5FF36CB3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4364] kernel32.dll!LoadLibraryExW 7683927C 7 Bytes JMP 5FF365E7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4364] kernel32.dll!FreeLibrary 76853FA4 6 Bytes JMP 5FF369FB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4364] kernel32.dll!ExitProcess 768543F4 7 Bytes JMP 5FF3689F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4364] kernel32.dll!GetProcAddress 7685925B 6 Bytes JMP 5FF36743 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4364] ADVAPI32.dll!CreateProcessAsUserA 7674CEB9 6 Bytes JMP 5FF37223 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4364] ADVAPI32.dll!CreateProcessAsUserW 76761EE9 8 Bytes JMP 5FF370C7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4364] ADVAPI32.dll!CreateProcessWithLogonW 767A80C1 8 Bytes JMP 5FF36F6B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4364] SHELL32.dll!SHCreateProcessAsUserW 75E399C3 8 Bytes JMP 5FF3737F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] kernel32.dll!TerminateProcess + 2 768118F1 7 Bytes JMP 5FF3763B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] kernel32.dll!CreateProcessW + 2 76811BF5 8 Bytes JMP 5FF36E0F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] kernel32.dll!CreateProcessA + 2 76811C2A 8 Bytes JMP 5FF36CB3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] kernel32.dll!WriteProcessMemory + 2 76811CBA 8 Bytes JMP 5FF3C677 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] kernel32.dll!VirtualProtect + 2 76811DC5 6 Bytes JMP 5FF3CBE7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] kernel32.dll!LoadLibraryExW 7683927C 12 Bytes JMP 5FF365E5 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] kernel32.dll!OpenThread + 2 7683C8EE 6 Bytes JMP 5FF3D2B3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] kernel32.dll!VirtualProtectEx + 2 7683DC54 10 Bytes JMP 5FF3CA8B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] kernel32.dll!FreeLibrary + 2 76853FA6 7 Bytes JMP 5FF369FB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] kernel32.dll!ExitProcess + 1 768543F5 11 Bytes JMP 5FF3689E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] kernel32.dll!TerminateThread + 2 76854415 6 Bytes JMP 5FF37797 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] kernel32.dll!GetProcAddress + 2 7685925D 6 Bytes JMP 5FF36743 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] kernel32.dll!VirtualAllocEx + 2 7685AF1E 7 Bytes JMP 5FF3C92F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] kernel32.dll!CreateRemoteThread 7685CB55 10 Bytes JMP 5FF3C7D1 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] kernel32.dll!DebugActiveProcess + 2 76899BC3 8 Bytes JMP 5FF3D40F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!StartServiceA 7674A24D 12 Bytes JMP 5FF39F05 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!CreateProcessAsUserA + 2 7674CEBB 7 Bytes JMP 5FF37223 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!SetFileSecurityW + 2 7674EC00 6 Bytes JMP 5FF3BCF3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!SetSecurityInfo + 2 76755896 6 Bytes JMP 5FF3C107 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!SetNamedSecurityInfoW + 2 76755958 6 Bytes JMP 5FF3C3BF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!CreateProcessAsUserW + 2 76761EEB 6 Bytes JMP 5FF370C7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!OpenSCManagerA 76762D93 12 Bytes JMP 5FF39581 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!OpenServiceA 76762EBD 4 Bytes [8B, FF, 90, E9]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!OpenServiceA + 5 76762EC2 7 Bytes JMP 0706BF57
 
System affected with virus

Fourth part of GMER log:



.text C:\Windows\ehome\ehtray.exe[5360] kernel32.dll!VirtualProtectEx + 2 7683DC54 10 Bytes JMP 5FF3CA8C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] kernel32.dll!FreeLibrary + 2 76853FA6 7 Bytes JMP 5FF369FC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] kernel32.dll!ExitProcess + 1 768543F5 6 Bytes JMP 5FF3689F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] kernel32.dll!TerminateThread + 2 76854415 6 Bytes JMP 5FF37798 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] kernel32.dll!GetProcAddress + 2 7685925D 5 Bytes JMP 5FF36744 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] kernel32.dll!VirtualAllocEx + 2 7685AF1E 7 Bytes JMP 5FF3C930 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] kernel32.dll!CreateRemoteThread 7685CB55 10 Bytes JMP 5FF3C7D2 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] kernel32.dll!DebugActiveProcess + 2 76899BC3 8 Bytes JMP 5FF3D410 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!StartServiceA 7674A24D 7 Bytes JMP 5FF39F06 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!CreateProcessAsUserA + 2 7674CEBB 7 Bytes JMP 5FF37224 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!SetFileSecurityW + 2 7674EC00 6 Bytes JMP 5FF3BCF4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!SetSecurityInfo + 2 76755896 6 Bytes JMP 5FF3C108 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!SetNamedSecurityInfoW + 2 76755958 6 Bytes JMP 5FF3C3C0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!CreateProcessAsUserW + 2 76761EEB 6 Bytes JMP 5FF370C8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!OpenSCManagerA 76762D93 7 Bytes JMP 5FF39582 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!OpenServiceA 76762EBD 7 Bytes JMP 5FF39AF2 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!StartServiceW 76763E0B 7 Bytes JMP 5FF3A062 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!SetKernelObjectSecurity + 2 76763ED0 6 Bytes JMP 5FF3BE50 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!QueryServiceStatusEx 76764FFE 7 Bytes JMP 5FF3A31A C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!QueryServiceConfigW 767650A4 7 Bytes JMP 5FF3A72E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!QueryServiceConfigA 767651AD 7 Bytes JMP 5FF3A5D2 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!OpenSCManagerW 76767137 7 Bytes JMP 5FF396DE C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!OpenServiceW 76768354 7 Bytes JMP 5FF39C4E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!QueryServiceStatus 7676842C 7 Bytes JMP 5FF3A1BE C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!AdjustTokenPrivileges + 2 767699CF 7 Bytes JMP 5FF3BA3C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!CreateServiceW 76789EB4 7 Bytes JMP 5FF39996 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!ControlService 76789FB8 7 Bytes JMP 5FF3A476 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!DeleteService 7678A07E 7 Bytes JMP 5FF39DAA C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!EnumServicesStatusExA 7678B31B 7 Bytes JMP 5FF3B622 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!CreateProcessWithLogonW + 2 767A80C3 6 Bytes JMP 5FF36F6C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!InitiateSystemShutdownW + 2 767C182B 6 Bytes JMP 5FF3D828 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!InitiateSystemShutdownExW + 2 767C18F3 6 Bytes JMP 5FF3DAE0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!AbortSystemShutdownW + 2 767C1B14 7 Bytes JMP 5FF3DD98 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!EnumServicesStatusExW 767C6909 7 Bytes JMP 5FF3B77E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!EnumServicesStatusA 767C6B47 7 Bytes JMP 5FF3B36A C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!SetServiceObjectSecurity 767C6CD9 7 Bytes JMP 5FF3BFAA C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!ChangeServiceConfigA 767C6DD9 7 Bytes JMP 5FF3ADFA C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!ChangeServiceConfigW 767C6F81 7 Bytes JMP 5FF3AF56 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!ChangeServiceConfig2A 767C7099 7 Bytes JMP 5FF3B0B2 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!ChangeServiceConfig2W 767C71E1 7 Bytes JMP 5FF3B20E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!CreateServiceA 767C72A1 7 Bytes JMP 5FF3983A C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!EnumDependentServicesA 767C7505 7 Bytes JMP 5FF3AB42 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!EnumDependentServicesW 767C75D9 7 Bytes JMP 5FF3AC9E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!QueryServiceConfig2A 767C7891 7 Bytes JMP 5FF3A88A C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!QueryServiceConfig2W 767C7A19 7 Bytes JMP 5FF3A9E6 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ADVAPI32.dll!EnumServicesStatusW + 2 767C7F63 5 Bytes JMP 5FF3B4C8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!SetUserObjectSecurity + 2 76C42811 6 Bytes JMP 5FF3C51C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!SetWindowsHookExA + 2 76C46324 5 Bytes JMP 5FF3CD44 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!BroadcastSystemMessageW + 2 76C48141 5 Bytes JMP 5FF38EB4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!SetWindowsHookExW + 2 76C487AF 5 Bytes JMP 5FF3CEA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!SendNotifyMessageW + 2 76C493D8 6 Bytes JMP 5FF38944 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!BroadcastSystemMessageExW + 2 76C4941B 5 Bytes JMP 5FF3916C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!PostThreadMessageA + 2 76C4BD36 5 Bytes JMP 5FF37FC0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!PostThreadMessageA + 8 76C4BD3C 2 Bytes JMP 6D554DD1

.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!PostMessageA + 2 76C4F8FA 5 Bytes JMP 5FF37D08 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!SendMessageA + 2 76C4F958 7 Bytes JMP 5FF37A50 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!SendMessageTimeoutW + 2 76C5352F 5 Bytes JMP 5FF3868C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!SendMessageCallbackW + 2 76C54572 5 Bytes JMP 5FF383D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!PostThreadMessageW 76C57C8E 5 Bytes JMP 5FF3811C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!PostMessageW + 2 76C5A177 6 Bytes JMP 5FF37E64 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!SendMessageW + 2 76C60AEF 7 Bytes JMP 5FF37BAC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!SendDlgItemMessageA + 2 76C6275D 7 Bytes JMP 5FF38AA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!OpenClipboard + 2 76C6C31F 7 Bytes JMP 5FF3495C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!SendNotifyMessageA + 2 76C6DFD1 6 Bytes JMP 5FF387E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!SendMessageTimeoutA + 2 76C70008 5 Bytes JMP 5FF38530 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!SendDlgItemMessageW + 2 76C70E3A 7 Bytes JMP 5FF38BFC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!SetWindowsHookA + 2 76C8624B 5 Bytes JMP 5FF3CFFC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!SetWindowsHookW + 2 76C86266 5 Bytes JMP 5FF3D158 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!EndTask + 2 76C8AD34 6 Bytes JMP 5FF378F4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!ExitWindowsEx + 2 76C8B7C5 6 Bytes JMP 5FF3DEF4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!BroadcastSystemMessageExA + 2 76CA28E5 5 Bytes JMP 5FF39010 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!BroadcastSystemMessage + 2 76CA290C 5 Bytes JMP 5FF38D58 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] USER32.dll!SendMessageCallbackA + 2 76CA2CA9 5 Bytes JMP 5FF38278 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] SHELL32.dll!SHCreateProcessAsUserW 75E399C3 8 Bytes JMP 5FF3737E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ole32.dll!CoGetClassObject + 2 7595FAEA 8 Bytes JMP 5FF343EC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ole32.dll!CoCreateInstanceEx + 2 75979F83 7 Bytes JMP 5FF34290 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ole32.dll!CoInitializeEx + 2 7597ADFD 5 Bytes JMP 5FF34134 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ole32.dll!CoGetInstanceFromFile + 2 759CC597 8 Bytes JMP 5FF34548 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] ole32.dll!CoGetInstanceFromIStorage + 2 759E87CF 8 Bytes JMP 5FF346A4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[5492] kernel32.dll!CreateProcessW 76811BF3 7 Bytes JMP 5FF36E0F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[5492] kernel32.dll!CreateProcessA 76811C28 7 Bytes JMP 5FF36CB3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[5492] kernel32.dll!LoadLibraryExW 7683927C 7 Bytes JMP 5FF365E7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[5492] kernel32.dll!FreeLibrary 76853FA4 6 Bytes JMP 5FF369FB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[5492] kernel32.dll!ExitProcess 768543F4 7 Bytes JMP 5FF3689F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[5492] kernel32.dll!GetProcAddress 7685925B 6 Bytes JMP 5FF36743 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[5492] ADVAPI32.dll!CreateProcessAsUserA 7674CEB9 5 Bytes JMP 5FF37224 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[5492] ADVAPI32.dll!CreateProcessAsUserW 76761EE9 5 Bytes JMP 5FF370C8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe[5492] ADVAPI32.dll!CreateProcessWithLogonW 767A80C1 5 Bytes JMP 5FF36F6C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] kernel32.dll!TerminateProcess + 2 768118F1 7 Bytes JMP 5FF3763B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] kernel32.dll!CreateProcessW + 2 76811BF5 8 Bytes JMP 5FF36E0F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] kernel32.dll!CreateProcessA + 2 76811C2A 8 Bytes JMP 5FF36CB3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] kernel32.dll!WriteProcessMemory + 2 76811CBA 8 Bytes JMP 5FF3C677 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] kernel32.dll!VirtualProtect + 2 76811DC5 6 Bytes JMP 5FF3CBE7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] kernel32.dll!LoadLibraryExW 7683927C 12 Bytes JMP 5FF365E5 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] kernel32.dll!OpenThread + 2 7683C8EE 6 Bytes JMP 5FF3D2B3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] kernel32.dll!VirtualProtectEx + 2 7683DC54 10 Bytes JMP 5FF3CA8B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] kernel32.dll!FreeLibrary + 2 76853FA6 7 Bytes JMP 5FF369FB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] kernel32.dll!ExitProcess + 1 768543F5 11 Bytes JMP 5FF3689E C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] kernel32.dll!TerminateThread + 2 76854415 6 Bytes JMP 5FF37797 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] kernel32.dll!GetProcAddress + 2 7685925D 6 Bytes JMP 5FF36743 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] kernel32.dll!VirtualAllocEx + 2 7685AF1E 7 Bytes JMP 5FF3C92F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] kernel32.dll!CreateRemoteThread 7685CB55 10 Bytes JMP 5FF3C7D1 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] kernel32.dll!DebugActiveProcess + 2 76899BC3 8 Bytes JMP 5FF3D40F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!SetUserObjectSecurity 76C4280F 5 Bytes JMP 5FF3C51C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!SetWindowsHookExA 76C46322 5 Bytes JMP 5FF3CD44 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!BroadcastSystemMessageW 76C4813F 5 Bytes JMP 5FF38EB4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!SetWindowsHookExW 76C487AD 5 Bytes JMP 5FF3CEA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!SendNotifyMessageW 76C493D6 5 Bytes JMP 5FF38944 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!BroadcastSystemMessageExW 76C49419 5 Bytes JMP 5FF3916C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!PostThreadMessageA 76C4BD34 5 Bytes JMP 5FF37FC0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!PostMessageA 76C4F8F8 5 Bytes JMP 5FF37D08 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!SendMessageA 76C4F956 5 Bytes JMP 5FF37A50 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!SendMessageTimeoutW 76C5352D 5 Bytes JMP 5FF3868C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!SendMessageCallbackW 76C54570 5 Bytes JMP 5FF383D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!PostThreadMessageW 76C57C8E 5 Bytes JMP 5FF3811C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!PostMessageW 76C5A175 5 Bytes JMP 5FF37E64 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!SendMessageW 76C60AED 5 Bytes JMP 5FF37BAC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!SendDlgItemMessageA 76C6275B 5 Bytes JMP 5FF38AA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!OpenClipboard 76C6C31D 5 Bytes JMP 5FF3495C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!SendNotifyMessageA 76C6DFCF 5 Bytes JMP 5FF387E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!SendMessageTimeoutA 76C70006 5 Bytes JMP 5FF38530 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!SendDlgItemMessageW 76C70E38 5 Bytes JMP 5FF38BFC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!SetWindowsHookA 76C86249 5 Bytes JMP 5FF3CFFC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!SetWindowsHookW 76C86264 5 Bytes JMP 5FF3D158 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!EndTask 76C8AD32 5 Bytes JMP 5FF378F4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!ExitWindowsEx 76C8B7C3 5 Bytes JMP 5FF3DEF4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!BroadcastSystemMessageExA 76CA28E3 5 Bytes JMP 5FF39010 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!BroadcastSystemMessage + 2 76CA290C 7 Bytes JMP 5FF38D57 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!SendMessageCallbackA 76CA2CA7 2 Bytes JMP 5FF38278 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] USER32.dll!SendMessageCallbackA + 3 76CA2CAA 2 Bytes [29, E9] {SUB ECX, EBP}
 
System affected with virus

Fifth part of GMER log:



.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!StartServiceW 76763E0B 12 Bytes JMP 5FF3A061 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!SetKernelObjectSecurity + 2 76763ED0 6 Bytes JMP 5FF3BE4F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!QueryServiceStatusEx 76764FFE 12 Bytes JMP 5FF3A319 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!QueryServiceConfigW 767650A4 12 Bytes JMP 5FF3A72D C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!QueryServiceConfigA 767651AD 12 Bytes JMP 5FF3A5D1 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!OpenSCManagerW 76767137 12 Bytes JMP 5FF396DD C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!OpenServiceW 76768354 12 Bytes JMP 5FF39C4D C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!QueryServiceStatus 7676842C 12 Bytes JMP 5FF3A1BD C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!AdjustTokenPrivileges + 2 767699CF 7 Bytes JMP 5FF3BA3B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!CreateServiceW 76789EB4 12 Bytes JMP 5FF39995 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!ControlService 76789FB8 12 Bytes JMP 5FF3A475 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!DeleteService 7678A07E 12 Bytes JMP 5FF39DA9 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!EnumServicesStatusExA 7678B31B 12 Bytes JMP 5FF3B621 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!CreateProcessWithLogonW + 2 767A80C3 6 Bytes JMP 5FF36F6B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!InitiateSystemShutdownW + 2 767C182B 6 Bytes JMP 5FF3D827 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!InitiateSystemShutdownExW + 2 767C18F3 6 Bytes JMP 5FF3DADF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!AbortSystemShutdownW + 2 767C1B14 7 Bytes JMP 5FF3DD97 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!EnumServicesStatusExW 767C6909 12 Bytes JMP 5FF3B77D C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!EnumServicesStatusA 767C6B47 12 Bytes JMP 5FF3B369 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!SetServiceObjectSecurity 767C6CD9 12 Bytes JMP 5FF3BFA9 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!ChangeServiceConfigA 767C6DD9 12 Bytes JMP 5FF3ADF9 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!ChangeServiceConfigW 767C6F81 12 Bytes JMP 5FF3AF55 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!ChangeServiceConfig2A 767C7099 12 Bytes JMP 5FF3B0B1 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!ChangeServiceConfig2W 767C71E1 12 Bytes JMP 5FF3B20D C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!CreateServiceA 767C72A1 12 Bytes JMP 5FF39839 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!EnumDependentServicesA 767C7505 12 Bytes JMP 5FF3AB41 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!EnumDependentServicesW 767C75D9 12 Bytes JMP 5FF3AC9D C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!QueryServiceConfig2A 767C7891 12 Bytes JMP 5FF3A889 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!QueryServiceConfig2W 767C7A19 12 Bytes JMP 5FF3A9E5 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ADVAPI32.dll!EnumServicesStatusW + 2 767C7F63 8 Bytes JMP 5FF3B4C7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!SetUserObjectSecurity + 2 76C42811 6 Bytes JMP 5FF3C51B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!SetWindowsHookExA + 2 76C46324 3 Bytes JMP 5FF3CD43 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!SetWindowsHookExA + 6 76C46328 4 Bytes JMP ECC3F3BD
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!BroadcastSystemMessageW + 2 76C48141 7 Bytes JMP 5FF38EB3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!SetWindowsHookExW + 2 76C487AF 8 Bytes JMP 5FF3CE9F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!SendNotifyMessageW + 2 76C493D8 6 Bytes JMP 5FF38943 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!BroadcastSystemMessageExW + 2 76C4941B 8 Bytes JMP 5FF3916B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!PostThreadMessageA + 2 76C4BD36 8 Bytes JMP 5FF37FBF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!PostMessageA + 2 76C4F8FA 8 Bytes JMP 5FF37D07 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!SendMessageA + 2 76C4F958 7 Bytes JMP 5FF37A4F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!SendMessageTimeoutW + 2 76C5352F 8 Bytes JMP 5FF3868B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!SendMessageCallbackW + 2 76C54572 8 Bytes JMP 5FF383D3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!PostThreadMessageW 76C57C8E 5 Bytes JMP 5FF3811C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!PostMessageW + 2 76C5A177 6 Bytes JMP 5FF37E63 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!SendMessageW + 2 76C60AEF 7 Bytes JMP 5FF37BAB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!SendDlgItemMessageA + 2 76C6275D 7 Bytes JMP 5FF38A9F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!OpenClipboard + 2 76C6C31F 7 Bytes JMP 5FF3495B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!SendNotifyMessageA + 2 76C6DFD1 6 Bytes JMP 5FF387E7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!SendMessageTimeoutA + 2 76C70008 8 Bytes JMP 5FF3852F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!SendDlgItemMessageW + 2 76C70E3A 7 Bytes JMP 5FF38BFB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!SetWindowsHookA + 2 76C8624B 8 Bytes JMP 5FF3CFFB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!SetWindowsHookW + 2 76C86266 2 Bytes [90, E9]
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!SetWindowsHookW + 5 76C86269 5 Bytes [6E, 2B, E9, 90, 90] {OUTSB ; SUB EBP, ECX; NOP ; NOP }
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!EndTask + 2 76C8AD34 6 Bytes JMP 5FF378F3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!ExitWindowsEx + 2 76C8B7C5 6 Bytes JMP 5FF3DEF3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!BroadcastSystemMessageExA + 2 76CA28E5 8 Bytes JMP 5FF3900F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!BroadcastSystemMessage + 2 76CA290C 7 Bytes JMP 5FF38D57 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] USER32.dll!SendMessageCallbackA + 2 76CA2CA9 8 Bytes JMP 5FF38277 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ole32.dll!CoGetClassObject + 2 7595FAEA 8 Bytes JMP 5FF343EB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ole32.dll!CoCreateInstanceEx + 2 75979F83 7 Bytes JMP 5FF3428F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ole32.dll!CoInitializeEx + 2 7597ADFD 6 Bytes JMP 5FF34133 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ole32.dll!CoGetInstanceFromFile + 2 759CC597 8 Bytes JMP 5FF34547 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] ole32.dll!CoGetInstanceFromIStorage + 2 759E87CF 8 Bytes JMP 5FF346A3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Sidebar\sidebar.exe[5300] SHELL32.dll!SHCreateProcessAsUserW 75E399C3 8 Bytes JMP 5FF3737D C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] kernel32.dll!TerminateProcess 768118EF 9 Bytes JMP 5FF3763B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] kernel32.dll!CreateProcessW 76811BF3 7 Bytes JMP 5FF36E0F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] kernel32.dll!CreateProcessA 76811C28 7 Bytes JMP 5FF36CB3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] kernel32.dll!WriteProcessMemory 76811CB8 6 Bytes JMP 5FF3C677 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] kernel32.dll!VirtualProtect 76811DC3 8 Bytes JMP 5FF3CBE7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] kernel32.dll!LoadLibraryExW 7683927C 7 Bytes JMP 5FF365E7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] kernel32.dll!OpenThread 7683C8EC 8 Bytes JMP 5FF3D2B3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] kernel32.dll!VirtualProtectEx 7683DC52 6 Bytes JMP 5FF3CA8B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] kernel32.dll!FreeLibrary 76853FA4 6 Bytes JMP 5FF369FB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] kernel32.dll!ExitProcess 768543F4 7 Bytes JMP 5FF3689F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] kernel32.dll!TerminateThread 76854413 8 Bytes JMP 5FF37797 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] kernel32.dll!GetProcAddress 7685925B 6 Bytes JMP 5FF36743 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] kernel32.dll!VirtualAllocEx 7685AF1C 6 Bytes JMP 5FF3C92F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] kernel32.dll!CreateRemoteThread 7685CB55 10 Bytes JMP 5FF3C7D3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] kernel32.dll!DebugActiveProcess 76899BC1 10 Bytes JMP 5FF3D40F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!StartServiceA 7674A24D 7 Bytes JMP 5FF39F07 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!CreateProcessAsUserA 7674CEB9 6 Bytes JMP 5FF37223 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!SetFileSecurityW 7674EBFE 8 Bytes JMP 5FF3BCF3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!SetSecurityInfo 76755894 8 Bytes JMP 5FF3C107 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!SetNamedSecurityInfoW 76755956 8 Bytes JMP 5FF3C3BF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!CreateProcessAsUserW 76761EE9 8 Bytes JMP 5FF370C7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!OpenSCManagerA 76762D93 7 Bytes JMP 5FF39583 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!OpenServiceA 76762EBD 7 Bytes JMP 5FF39AF3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!StartServiceW 76763E0B 7 Bytes JMP 5FF3A063 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!SetKernelObjectSecurity 76763ECE 8 Bytes JMP 5FF3BE4F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!QueryServiceStatusEx 76764FFE 7 Bytes JMP 5FF3A31B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!QueryServiceConfigW 767650A4 7 Bytes JMP 5FF3A72F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!QueryServiceConfigA 767651AD 7 Bytes JMP 5FF3A5D3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!OpenSCManagerW 76767137 7 Bytes JMP 5FF396DF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!OpenServiceW 76768354 7 Bytes JMP 5FF39C4F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!QueryServiceStatus 7676842C 7 Bytes JMP 5FF3A1BF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!AdjustTokenPrivileges 767699CD 6 Bytes JMP 5FF3BA3B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!CreateServiceW 76789EB4 7 Bytes JMP 5FF39997 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!ControlService 76789FB8 7 Bytes JMP 5FF3A477 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!DeleteService 7678A07E 7 Bytes JMP 5FF39DAB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!EnumServicesStatusExA 7678B31B 7 Bytes JMP 5FF3B623 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!CreateProcessWithLogonW 767A80C1 8 Bytes JMP 5FF36F6B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!InitiateSystemShutdownW 767C1829 8 Bytes JMP 5FF3D827 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!InitiateSystemShutdownExW 767C18F1 8 Bytes JMP 5FF3DADF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!AbortSystemShutdownW 767C1B12 6 Bytes JMP 5FF3DD97 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!EnumServicesStatusExW 767C6909 7 Bytes JMP 5FF3B77F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!EnumServicesStatusA 767C6B47 7 Bytes JMP 5FF3B36B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!SetServiceObjectSecurity 767C6CD9 7 Bytes JMP 5FF3BFAB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!ChangeServiceConfigA 767C6DD9 7 Bytes JMP 5FF3ADFB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!ChangeServiceConfigW 767C6F81 7 Bytes JMP 5FF3AF57 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!ChangeServiceConfig2A 767C7099 7 Bytes JMP 5FF3B0B3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!ChangeServiceConfig2W 767C71E1 7 Bytes JMP 5FF3B20F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!CreateServiceA 767C72A1 7 Bytes JMP 5FF3983B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!EnumDependentServicesA 767C7505 7 Bytes JMP 5FF3AB43 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!EnumDependentServicesW 767C75D9 7 Bytes JMP 5FF3AC9F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!QueryServiceConfig2A 767C7891 7 Bytes JMP 5FF3A88B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!QueryServiceConfig2W 767C7A19 7 Bytes JMP 5FF3A9E7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ADVAPI32.dll!EnumServicesStatusW 767C7F61 7 Bytes JMP 5FF3B4C7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!SetUserObjectSecurity 76C4280F 8 Bytes JMP 5FF3C51B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!SetWindowsHookExA 76C46322 7 Bytes JMP 5FF3CD43 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!BroadcastSystemMessageW 76C4813F 7 Bytes JMP 5FF38EB3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!SetWindowsHookExW 76C487AD 7 Bytes JMP 5FF3CE9F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!SendNotifyMessageW 76C493D6 8 Bytes JMP 5FF38943 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!BroadcastSystemMessageExW 76C49419 7 Bytes JMP 5FF3916B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!PostThreadMessageA 76C4BD34 7 Bytes JMP 5FF37FBF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!PostThreadMessageA + 8 76C4BD3C 2 Bytes [90, 90] {NOP ; NOP }
 
System affected with virus

Sixth part of GMER Log:



.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!PostMessageA 76C4F8F8 6 Bytes JMP 5FF37D07 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!SendMessageA 76C4F956 6 Bytes JMP 5FF37A4F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!SendMessageTimeoutW 76C5352D 7 Bytes JMP 5FF3868B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!SendMessageCallbackW 76C54570 6 Bytes JMP 5FF383D3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!PostThreadMessageW 76C57C8E 6 Bytes JMP 5FF3811B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!PostMessageW 76C5A175 8 Bytes JMP 5FF37E63 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!SendMessageW 76C60AED 6 Bytes JMP 5FF37BAB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!SendDlgItemMessageA 76C6275B 9 Bytes JMP 5FF38A9F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!OpenClipboard 76C6C31D 6 Bytes JMP 5FF3495B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!SendNotifyMessageA 76C6DFCF 8 Bytes JMP 5FF387E7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!SendMessageTimeoutA 76C70006 7 Bytes JMP 5FF3852F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!SendDlgItemMessageW 76C70E38 9 Bytes JMP 5FF38BFB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!SetWindowsHookA 76C86249 7 Bytes JMP 5FF3CFFB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!SetWindowsHookW 76C86264 7 Bytes JMP 5FF3D157 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!EndTask 76C8AD32 8 Bytes JMP 5FF378F3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!ExitWindowsEx 76C8B7C3 8 Bytes JMP 5FF3DEF3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!BroadcastSystemMessageExA 76CA28E3 7 Bytes JMP 5FF3900F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!BroadcastSystemMessage 76CA290A 7 Bytes JMP 5FF38D57 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] USER32.dll!SendMessageCallbackA 76CA2CA7 6 Bytes JMP 5FF38277 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ole32.dll!CoGetClassObject 7595FAE8 10 Bytes JMP 5FF343EB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ole32.dll!CoCreateInstanceEx 75979F81 6 Bytes JMP 5FF3428F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ole32.dll!CoInitializeEx 7597ADFB 6 Bytes JMP 5FF34133 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ole32.dll!CoGetInstanceFromFile 759CC595 10 Bytes JMP 5FF34547 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] ole32.dll!CoGetInstanceFromIStorage 759E87CD 10 Bytes JMP 5FF346A3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] kernel32.dll!TerminateProcess + 2 768118F1 7 Bytes JMP 5FF3763C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] kernel32.dll!CreateProcessW + 2 76811BF5 5 Bytes JMP 5FF36E10 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] kernel32.dll!CreateProcessA + 2 76811C2A 5 Bytes JMP 5FF36CB4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] kernel32.dll!WriteProcessMemory + 2 76811CBA 5 Bytes JMP 5FF3C678 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] kernel32.dll!VirtualProtect + 2 76811DC5 6 Bytes JMP 5FF3CBE8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] kernel32.dll!LoadLibraryExW 7683927C 7 Bytes JMP 5FF365E6 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\ehome\ehtray.exe[5360] kernel32.dll!OpenThread + 2 7683C8EE 6 Bytes JMP 5FF3D2B4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)

.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!StartServiceA 7674A24D 12 Bytes JMP 5FF39F05 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!CreateProcessAsUserA + 2 7674CEBB 7 Bytes JMP 5FF37223 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!SetFileSecurityW + 2 7674EC00 6 Bytes JMP 5FF3BCF3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!SetSecurityInfo + 2 76755896 6 Bytes JMP 5FF3C107 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!SetNamedSecurityInfoW + 2 76755958 6 Bytes JMP 5FF3C3BF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!CreateProcessAsUserW + 2 76761EEB 6 Bytes JMP 5FF370C7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!OpenSCManagerA 76762D93 12 Bytes JMP 5FF39581 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!OpenServiceA 76762EBD 4 Bytes [8B, FF, 90, E9]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!OpenServiceA + 5 76762EC2 7 Bytes JMP 0706BF57
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!StartServiceW 76763E0B 12 Bytes JMP 5FF3A061 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!SetKernelObjectSecurity + 2 76763ED0 6 Bytes JMP 5FF3BE4F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!QueryServiceStatusEx 76764FFE 12 Bytes JMP 5FF3A319 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!QueryServiceConfigW 767650A4 12 Bytes JMP 5FF3A72D C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!QueryServiceConfigA 767651AD 12 Bytes JMP 5FF3A5D1 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!OpenSCManagerW 76767137 12 Bytes JMP 5FF396DD C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!OpenServiceW 76768354 12 Bytes JMP 5FF39C4D C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!QueryServiceStatus 7676842C 12 Bytes JMP 5FF3A1BD C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!AdjustTokenPrivileges + 2 767699CF 7 Bytes JMP 5FF3BA3B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!CreateServiceW 76789EB4 12 Bytes JMP 5FF39995 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!ControlService 76789FB8 12 Bytes JMP 5FF3A475 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!DeleteService 7678A07E 12 Bytes JMP 5FF39DA9 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!EnumServicesStatusExA 7678B31B 12 Bytes JMP 5FF3B621 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!CreateProcessWithLogonW + 2 767A80C3 6 Bytes JMP 5FF36F6B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!InitiateSystemShutdownW + 2 767C182B 6 Bytes JMP 5FF3D827 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!InitiateSystemShutdownExW + 2 767C18F3 6 Bytes JMP 5FF3DADF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!AbortSystemShutdownW + 2 767C1B14 7 Bytes JMP 5FF3DD97 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!EnumServicesStatusExW 767C6909 12 Bytes JMP 5FF3B77D C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!EnumServicesStatusA 767C6B47 12 Bytes JMP 5FF3B369 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!SetServiceObjectSecurity 767C6CD9 12 Bytes JMP 5FF3BFA9 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!ChangeServiceConfigA 767C6DD9 12 Bytes JMP 5FF3ADF9 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!ChangeServiceConfigW 767C6F81 12 Bytes JMP 5FF3AF55 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!ChangeServiceConfig2A 767C7099 12 Bytes JMP 5FF3B0B1 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!ChangeServiceConfig2W 767C71E1 12 Bytes JMP 5FF3B20D C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!CreateServiceA 767C72A1 12 Bytes JMP 5FF39839 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!EnumDependentServicesA 767C7505 12 Bytes JMP 5FF3AB41 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!EnumDependentServicesW 767C75D9 12 Bytes JMP 5FF3AC9D C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!QueryServiceConfig2A 767C7891 12 Bytes JMP 5FF3A889 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!QueryServiceConfig2W 767C7A19 12 Bytes JMP 5FF3A9E5 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ADVAPI32.dll!EnumServicesStatusW + 2 767C7F63 8 Bytes JMP 5FF3B4C7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ole32.dll!CoGetClassObject + 2 7595FAEA 8 Bytes JMP 5FF343EB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ole32.dll!CoCreateInstanceEx + 2 75979F83 7 Bytes JMP 5FF3428F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ole32.dll!CoInitializeEx + 2 7597ADFD 6 Bytes JMP 5FF34133 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ole32.dll!CoGetInstanceFromFile + 2 759CC597 8 Bytes JMP 5FF34547 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] ole32.dll!CoGetInstanceFromIStorage + 2 759E87CF 8 Bytes JMP 5FF346A3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] SHELL32.dll!SHCreateProcessAsUserW 75E399C3 8 Bytes JMP 5FF3737D C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] kernel32.dll!TerminateProcess 768118EF 5 Bytes JMP 5FF3763C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] kernel32.dll!CreateProcessW 76811BF3 5 Bytes JMP 5FF36E10 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] kernel32.dll!CreateProcessA 76811C28 5 Bytes JMP 5FF36CB4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] kernel32.dll!WriteProcessMemory 76811CB8 5 Bytes JMP 5FF3C678 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] kernel32.dll!VirtualProtect 76811DC3 5 Bytes JMP 5FF3CBE8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] kernel32.dll!LoadLibraryExW 7683927C 7 Bytes JMP 5FF365E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] kernel32.dll!OpenThread 7683C8EC 5 Bytes JMP 5FF3D2B4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] kernel32.dll!VirtualProtectEx 7683DC52 5 Bytes JMP 5FF3CA8C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] kernel32.dll!FreeLibrary 76853FA4 5 Bytes JMP 5FF369FC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] kernel32.dll!ExitProcess 768543F4 5 Bytes JMP 5FF368A0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] kernel32.dll!TerminateThread 76854413 5 Bytes JMP 5FF37798 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] kernel32.dll!GetProcAddress 7685925B 5 Bytes JMP 5FF36744 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] kernel32.dll!VirtualAllocEx 7685AF1C 5 Bytes JMP 5FF3C930 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] kernel32.dll!CreateRemoteThread 7685CB55 5 Bytes JMP 5FF3C7D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] kernel32.dll!DebugActiveProcess 76899BC1 5 Bytes JMP 5FF3D410 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!StartServiceA 7674A24D 7 Bytes JMP 5FF39F08 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!CreateProcessAsUserA 7674CEB9 5 Bytes JMP 5FF37224 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!SetFileSecurityW 7674EBFE 5 Bytes JMP 5FF3BCF4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!SetSecurityInfo 76755894 5 Bytes JMP 5FF3C108 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!SetNamedSecurityInfoW 76755956 5 Bytes JMP 5FF3C3C0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!CreateProcessAsUserW 76761EE9 5 Bytes JMP 5FF370C8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!OpenSCManagerA 76762D93 7 Bytes JMP 5FF39584 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!OpenServiceA 76762EBD 7 Bytes JMP 5FF39AF4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!StartServiceW 76763E0B 7 Bytes JMP 5FF3A064 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!SetKernelObjectSecurity 76763ECE 5 Bytes JMP 5FF3BE50 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!QueryServiceStatusEx 76764FFE 7 Bytes JMP 5FF3A31C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!QueryServiceConfigW 767650A4 7 Bytes JMP 5FF3A730 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!QueryServiceConfigA 767651AD 7 Bytes JMP 5FF3A5D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!OpenSCManagerW 76767137 7 Bytes JMP 5FF396E0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!OpenServiceW 76768354 7 Bytes JMP 5FF39C50 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!QueryServiceStatus 7676842C 7 Bytes JMP 5FF3A1C0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!AdjustTokenPrivileges 767699CD 5 Bytes JMP 5FF3BA3C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!CreateServiceW 76789EB4 7 Bytes JMP 5FF39998 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!ControlService 76789FB8 7 Bytes JMP 5FF3A478 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!DeleteService 7678A07E 7 Bytes JMP 5FF39DAC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!EnumServicesStatusExA 7678B31B 7 Bytes JMP 5FF3B624 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!CreateProcessWithLogonW 767A80C1 5 Bytes JMP 5FF36F6C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!InitiateSystemShutdownW 767C1829 5 Bytes JMP 5FF3D828 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!InitiateSystemShutdownExW 767C18F1 5 Bytes JMP 5FF3DAE0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!AbortSystemShutdownW 767C1B12 5 Bytes JMP 5FF3DD98 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!EnumServicesStatusExW 767C6909 7 Bytes JMP 5FF3B780 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!EnumServicesStatusA 767C6B47 7 Bytes JMP 5FF3B36C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!SetServiceObjectSecurity 767C6CD9 7 Bytes JMP 5FF3BFAC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!ChangeServiceConfigA 767C6DD9 7 Bytes JMP 5FF3ADFC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!ChangeServiceConfigW 767C6F81 7 Bytes JMP 5FF3AF58 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!ChangeServiceConfig2A 767C7099 7 Bytes JMP 5FF3B0B4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!ChangeServiceConfig2W 767C71E1 7 Bytes JMP 5FF3B210 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!CreateServiceA 767C72A1 7 Bytes JMP 5FF3983C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!EnumDependentServicesA 767C7505 7 Bytes JMP 5FF3AB44 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!EnumDependentServicesW 767C75D9 7 Bytes JMP 5FF3ACA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!QueryServiceConfig2A 767C7891 7 Bytes JMP 5FF3A88C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!QueryServiceConfig2W 767C7A19 7 Bytes JMP 5FF3A9E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ADVAPI32.dll!EnumServicesStatusW 767C7F61 5 Bytes JMP 5FF3B4C8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!SetUserObjectSecurity 76C4280F 5 Bytes JMP 5FF3C51C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!SetWindowsHookExA 76C46322 5 Bytes JMP 5FF3CD44 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!BroadcastSystemMessageW 76C4813F 5 Bytes JMP 5FF38EB4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!SetWindowsHookExW 76C487AD 5 Bytes JMP 5FF3CEA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!SendNotifyMessageW 76C493D6 5 Bytes JMP 5FF38944 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!BroadcastSystemMessageExW 76C49419 5 Bytes JMP 5FF3916C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!PostThreadMessageA 76C4BD34 5 Bytes JMP 5FF37FC0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!PostMessageA 76C4F8F8 5 Bytes JMP 5FF37D08 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!SendMessageA 76C4F956 5 Bytes JMP 5FF37A50 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!SendMessageTimeoutW 76C5352D 5 Bytes JMP 5FF3868C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!SendMessageCallbackW 76C54570 5 Bytes JMP 5FF383D4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!PostThreadMessageW 76C57C8E 5 Bytes JMP 5FF3811C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!PostMessageW 76C5A175 5 Bytes JMP 5FF37E64 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!SendMessageW 76C60AED 5 Bytes JMP 5FF37BAC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!SendDlgItemMessageA 76C6275B 5 Bytes JMP 5FF38AA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!OpenClipboard 76C6C31D 5 Bytes JMP 5FF3495C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!SendNotifyMessageA 76C6DFCF 5 Bytes JMP 5FF387E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!SendMessageTimeoutA 76C70006 5 Bytes JMP 5FF38530 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!SendDlgItemMessageW 76C70E38 5 Bytes JMP 5FF38BFC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!SetWindowsHookA 76C86249 5 Bytes JMP 5FF3CFFC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!SetWindowsHookW 76C86264 5 Bytes JMP 5FF3D158 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!EndTask 76C8AD32 5 Bytes JMP 5FF378F4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!ExitWindowsEx 76C8B7C3 5 Bytes JMP 5FF3DEF4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!BroadcastSystemMessageExA 76CA28E3 5 Bytes JMP 5FF39010 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!BroadcastSystemMessage 76CA290A 5 Bytes JMP 5FF38D58 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!SendMessageCallbackA 76CA2CA7 2 Bytes JMP 5FF38278 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] USER32.dll!SendMessageCallbackA + 3 76CA2CAA 2 Bytes [29, E9] {SUB ECX, EBP}
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ole32.dll!CoGetClassObject 7595FAE8 10 Bytes JMP 5FF343EB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ole32.dll!CoCreateInstanceEx 75979F81 6 Bytes JMP 5FF3428F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ole32.dll!CoInitializeEx + 2 7597ADFD 5 Bytes JMP 5FF34134 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ole32.dll!CoGetInstanceFromFile + 2 759CC597 8 Bytes JMP 5FF34548 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] ole32.dll!CoGetInstanceFromIStorage + 2 759E87CF 8 Bytes JMP 5FF346A4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
 
System affected with virus

Seventh part of Gmer Log:



---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\nvvsvc.exe[972] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\system32\rundll32.exe[1556] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\svcprs32.exe[2384] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenThread] [5FF3D2B4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3C930] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D2B4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3CEA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3C108] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3C3C0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3CEA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3C3C0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3C108] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3C108] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3C3C0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Defender\MSASCui.exe[2552] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\system32\Dwm.exe[2856] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenThread] [5FF3D2B4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\system32\Dwm.exe[2856] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3C930] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\system32\Dwm.exe[2856] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\system32\Dwm.exe[2856] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\system32\Dwm.exe[2856] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\system32\Dwm.exe[2856] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3CEA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\system32\Dwm.exe[2856] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\system32\Dwm.exe[2856] @ C:\Windows\system32\IPHLPAPI.DLL [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenThread] [5FF3D2B4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3C930] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D2B4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3CEA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3C108] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3C3C0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3CEA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3C3C0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3C108] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\System32\CRYPT32.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3C108] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\System32\CRYPT32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\System32\CRYPT32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3C3C0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\Explorer.EXE[2968] @ C:\Windows\system32\iphlpapi.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\mdmcls32.exe[3644] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\system32\SearchIndexer.exe[3952] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenThread] [5FF3D2B4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3C930] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3CEA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D2B4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3CEA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3C108] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3C3C0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3C3C0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3C108] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\IPHLPAPI.DLL [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3C108] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3C3C0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe[4176] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenThread] [5FF3D2B4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3C930] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D2B4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3CEA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3C108] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3C3C0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3CEA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\System32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\System32\USERENV.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3C3C0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\System32\rundll32.exe[4256] @ C:\Windows\System32\USERENV.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3C108] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4364] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenThread] [5FF3D2B4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3C930] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3CEA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D2B4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3CEA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3C108] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3C3C0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3C108] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3C3C0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3C3C0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3C108] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[5300] @ C:\Windows\system32\iphlpapi.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenThread] [5FF3D2B4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3C930] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3CEA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[5352] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\ehome\ehtray.exe[5360] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenThread] [5FF3D2B4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\ehome\ehtray.exe[5360] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3C930] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\ehome\ehtray.exe[5360] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\ehome\ehtray.exe[5360] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\ehome\ehtray.exe[5360] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D2B4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\ehome\ehtray.exe[5360] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3CEA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\ehome\ehtray.exe[5360] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\ehome\ehtray.exe[5360] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3C108] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\ehome\ehtray.exe[5360] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3C3C0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\ehome\ehtray.exe[5360] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\ehome\ehtray.exe[5360] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\ehome\ehtray.exe[5360] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\ehome\ehtray.exe[5360] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\ehome\ehtray.exe[5360] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Windows\ehome\ehtray.exe[5360] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3CEA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenThread] [5FF3D2B4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3C930] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3CEA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D2B4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3CEA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3C108] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3C3C0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF370C8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\userenv.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3BCF4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\userenv.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3C3C0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[5660] @ C:\Windows\system32\userenv.dll [ADVAPI32.dll!SetSecurityInfo] [5FF3C108] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenThread] [5FF3D2B4] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAllocEx] [5FF3C930] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3BA3C] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!VirtualProtect] [5FF3CBE8] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Users\Sreenath\Desktop\ubz74szt.exe[8072] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3CEA0] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b818a32
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b818a32@1886acdb0387 0xF2 0x46 0x78 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b818a32@2ca8352ab3fe 0xD8 0x94 0x0D 0x9F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b818a32 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b818a32@1886acdb0387 0xF2 0x46 0x78 0xFD ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b818a32@2ca8352ab3fe 0xD8 0x94 0x0D 0x9F ...

---- EOF - GMER 1.0.15 ----
 
System affected with virus

I ran DDS also, please let me know if i need to paste even "attach" log and DDS log here ....Thanks!
 
Status
Not open for further replies.

Similar threads

S
  • Locked
Inactive Please help: Infected-or-not?
Replies
2
Views
3K
Broni
Broni
C
Solved Malware \ProductData + possibly more, on two devices
Replies
4
Views
7K
Broni
Broni
N
  • Locked
Inactive Possible remote control virus
Replies
2
Views
3K
Broni
Broni

Latest posts

Back