Broni,
I am unable to update Malwarebytes on this machine for some reason, so I don't trust the logs.
I have attached them below, in case there is an issue... This computer is networked with another with a bug that we fixed earlier. Logs below.
Malware log (not sure if it is reliable, as the database didn't update and it said it is 75 days out of date)
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.04.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: WEST [administrator]
Protection: Enabled
18/06/2012 7:38:51 PM
mbam-log-2012-06-18 (19-38-51).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278123
Time elapsed: 52 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
GMER log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-18 22:16:58
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD3200AAJS-22L7A0 rev.01.03E01
Running: pu82zy4i.exe; Driver: C:\Users\Owner\AppData\Local\Temp\pgldqpow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C8B3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC4D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\haosr.sys The system cannot find the path specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateProcessW + 2 76D3204F 8 Bytes JMP 5FF4E43F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateProcessA + 2 76D32084 8 Bytes JMP 5FF4E2E3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!LoadLibraryExW + 2 76D7507B 9 Bytes JMP 5FF4DD6F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!GetProcAddress 76D7CC94 5 Bytes JMP 5FF4DECC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!FreeLibrary 76D7EF67 5 Bytes JMP 5FF4E028 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!CreateProcessAsUserW 7777C592 5 Bytes JMP 5FF4E6F8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!CreateProcessAsUserA + 2 777B253A 8 Bytes JMP 5FF4E853 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!CreateProcessWithLogonW + 2 777B52EB 6 Bytes JMP 5FF4E59B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[772] SHELL32.dll!SHCreateProcessAsUserW 761C6710 8 Bytes JMP 5FF4E9AD C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[880] kernel32.dll!CreateProcessW + 2 76D3204F 5 Bytes JMP 5FF4E440 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[880] kernel32.dll!CreateProcessA + 2 76D32084 5 Bytes JMP 5FF4E2E4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[880] kernel32.dll!LoadLibraryExW + 2 76D7507B 4 Bytes JMP 5FF4DD70 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[880] kernel32.dll!LoadLibraryExW + 7 76D75080 4 Bytes JMP 0767E115
.text C:\Windows\System32\svchost.exe[880] kernel32.dll!GetProcAddress 76D7CC94 5 Bytes JMP 5FF4DECC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[880] kernel32.dll!FreeLibrary 76D7EF67 5 Bytes JMP 5FF4E028 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[880] ADVAPI32.dll!CreateProcessAsUserW 7777C592 5 Bytes JMP 5FF4E6F8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[880] ADVAPI32.dll!CreateProcessAsUserA + 2 777B253A 5 Bytes JMP 5FF4E854 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[880] ADVAPI32.dll!CreateProcessWithLogonW + 2 777B52EB 6 Bytes JMP 5FF4E59C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[880] SHELL32.dll!SHCreateProcessAsUserW 761C6710 8 Bytes JMP 5FF4E9AE C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!CreateProcessW 76D3204D 7 Bytes JMP 5FF4E43F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!CreateProcessA 76D32082 7 Bytes JMP 5FF4E2E3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!LoadLibraryExW 76D75079 6 Bytes JMP 5FF4DD6F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!GetProcAddress 76D7CC94 6 Bytes JMP 5FF4DECB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!FreeLibrary 76D7EF67 6 Bytes JMP 5FF4E027 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!CreateProcessAsUserW 7777C592 6 Bytes JMP 5FF4E6F7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!CreateProcessAsUserA 777B2538 7 Bytes JMP 5FF4E853 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!CreateProcessWithLogonW 777B52E9 8 Bytes JMP 5FF4E59B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateProcessW + 2 76D3204F 8 Bytes JMP 5FF4E43F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateProcessA + 2 76D32084 8 Bytes JMP 5FF4E2E3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExW + 2 76D7507B 9 Bytes JMP 5FF4DD6F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!GetProcAddress 76D7CC94 5 Bytes JMP 5FF4DECC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!FreeLibrary 76D7EF67 5 Bytes JMP 5FF4E028 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!CreateProcessAsUserW 7777C592 5 Bytes JMP 5FF4E6F8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!CreateProcessAsUserA + 2 777B253A 8 Bytes JMP 5FF4E853 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!CreateProcessWithLogonW + 2 777B52EB 6 Bytes JMP 5FF4E59B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateProcessW + 2 76D3204F 5 Bytes JMP 5FF4E440 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateProcessA + 2 76D32084 5 Bytes JMP 5FF4E2E4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExW + 2 76D7507B 4 Bytes JMP 5FF4DD70 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExW + 7 76D75080 4 Bytes JMP 0767E115
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetProcAddress 76D7CC94 5 Bytes JMP 5FF4DECC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!FreeLibrary 76D7EF67 5 Bytes JMP 5FF4E028 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!CreateProcessAsUserW 7777C592 5 Bytes JMP 5FF4E6F8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!CreateProcessAsUserA + 2 777B253A 5 Bytes JMP 5FF4E854 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!CreateProcessWithLogonW + 2 777B52EB 6 Bytes JMP 5FF4E59C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreateProcessW 76D3204D 5 Bytes JMP 5FF4E440 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!CreateProcessA 76D32082 5 Bytes JMP 5FF4E2E4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!LoadLibraryExW 76D75079 5 Bytes JMP 5FF4DD70 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!GetProcAddress 76D7CC94 5 Bytes JMP 5FF4DECC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!FreeLibrary 76D7EF67 5 Bytes JMP 5FF4E028 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!CreateProcessAsUserW 7777C592 5 Bytes JMP 5FF4E6F8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!CreateProcessAsUserA 777B2538 5 Bytes JMP 5FF4E854 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!CreateProcessWithLogonW 777B52E9 5 Bytes JMP 5FF4E59C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[2820] kernel32.dll!CreateProcessW 76D3204D 7 Bytes JMP 5FF4E43F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[2820] kernel32.dll!CreateProcessA 76D32082 7 Bytes JMP 5FF4E2E3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[2820] kernel32.dll!LoadLibraryExW 76D75079 6 Bytes JMP 5FF4DD6F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[2820] kernel32.dll!GetProcAddress 76D7CC94 6 Bytes JMP 5FF4DECB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[2820] kernel32.dll!FreeLibrary 76D7EF67 6 Bytes JMP 5FF4E027 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[2820] ADVAPI32.dll!CreateProcessAsUserW 7777C592 6 Bytes JMP 5FF4E6F7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[2820] ADVAPI32.dll!CreateProcessAsUserA 777B2538 7 Bytes JMP 5FF4E853 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[2820] ADVAPI32.dll!CreateProcessWithLogonW 777B52E9 8 Bytes JMP 5FF4E59B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[2820] SHELL32.dll!SHCreateProcessAsUserW 761C6710 8 Bytes JMP 5FF4E9AF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[3060] kernel32.dll!CreateProcessW 76D3204D 7 Bytes JMP 5FF4E43F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[3060] kernel32.dll!CreateProcessA 76D32082 7 Bytes JMP 5FF4E2E3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[3060] kernel32.dll!LoadLibraryExW 76D75079 6 Bytes JMP 5FF4DD6F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[3060] kernel32.dll!GetProcAddress 76D7CC94 6 Bytes JMP 5FF4DECB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[3060] kernel32.dll!FreeLibrary 76D7EF67 6 Bytes JMP 5FF4E027 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[3060] ADVAPI32.dll!CreateProcessAsUserW 7777C592 6 Bytes JMP 5FF4E6F7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[3060] ADVAPI32.dll!CreateProcessAsUserA 777B2538 7 Bytes JMP 5FF4E853 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\system32\svchost.exe[3060] ADVAPI32.dll!CreateProcessWithLogonW 777B52E9 8 Bytes JMP 5FF4E59B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[5332] kernel32.dll!CreateProcessW + 2 76D3204F 5 Bytes JMP 5FF4E440 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[5332] kernel32.dll!CreateProcessA + 2 76D32084 5 Bytes JMP 5FF4E2E4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[5332] kernel32.dll!LoadLibraryExW + 2 76D7507B 4 Bytes JMP 5FF4DD70 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[5332] kernel32.dll!LoadLibraryExW + 7 76D75080 4 Bytes JMP 0767E115
.text C:\Windows\System32\svchost.exe[5332] kernel32.dll!GetProcAddress 76D7CC94 5 Bytes JMP 5FF4DECC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[5332] kernel32.dll!FreeLibrary 76D7EF67 5 Bytes JMP 5FF4E028 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[5332] ADVAPI32.dll!CreateProcessAsUserW 7777C592 5 Bytes JMP 5FF4E6F8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[5332] ADVAPI32.dll!CreateProcessAsUserA + 2 777B253A 5 Bytes JMP 5FF4E854 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[5332] ADVAPI32.dll!CreateProcessWithLogonW + 2 777B52EB 6 Bytes JMP 5FF4E59C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Windows\System32\svchost.exe[5332] SHELL32.dll!SHCreateProcessAsUserW 761C6710 8 Bytes JMP 5FF4E9AE C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] kernel32.dll!CreateProcessW + 2 76D3204F 5 Bytes JMP 5FF4E440 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] kernel32.dll!CreateProcessA + 2 76D32084 5 Bytes JMP 5FF4E2E4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] kernel32.dll!VirtualProtect + 2 76D72BCF 4 Bytes JMP 5FF53B4C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] kernel32.dll!VirtualProtect + 7 76D72BD4 4 Bytes JMP 0767BC69
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] kernel32.dll!LoadLibraryExW + 2 76D7507B 4 Bytes JMP 5FF4DD70 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] kernel32.dll!LoadLibraryExW + 7 76D75080 4 Bytes JMP 0767E115
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] kernel32.dll!GetProcAddress 76D7CC94 5 Bytes JMP 5FF4DECC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] kernel32.dll!FreeLibrary 76D7EF67 5 Bytes JMP 5FF4E028 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] kernel32.dll!DebugActiveProcess + 2 76DB738E 8 Bytes JMP 5FF544D0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] kernel32.dll!VirtualProtectEx + 2 76DBFD53 4 Bytes JMP 5FF539F0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] kernel32.dll!VirtualProtectEx + 7 76DBFD58 4 Bytes JMP 076C8DED
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!SetUserObjectSecurity + 2 77252287 6 Bytes JMP 5FF53893 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!BroadcastSystemMessageExW + 2 77254257 8 Bytes JMP 5FF504E3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!BroadcastSystemMessageW + 2 77257CBA 7 Bytes JMP 5FF5022B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!PostThreadMessageA + 2 7725AD0B 8 Bytes JMP 5FF4F337 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!SendMessageA + 2 7725AD62 7 Bytes JMP 5FF4EDC7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!PostMessageA + 2 7725B448 6 Bytes JMP 5FF4F07F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!SendNotifyMessageW + 2 7725C88C 6 Bytes JMP 5FF4FCBB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!SetWindowsHookExW + 2 7725E30E 8 Bytes JMP 5FF53E03 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!SendMessageTimeoutW + 2 7725E45B 8 Bytes JMP 5FF4FA03 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!PostThreadMessageW + 2 7725EEFE 6 Bytes JMP 5FF4F493 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!SendMessageCallbackW + 2 77262F7D 8 Bytes JMP 5FF4F74B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!PostMessageW + 2 7726447D 7 Bytes JMP 5FF4F1DB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!SendMessageW + 2 7726553B 7 Bytes JMP 5FF4EF23 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!SendNotifyMessageA + 2 7727493E 6 Bytes JMP 5FF4FB5F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!SendDlgItemMessageW + 2 772770DA 7 Bytes JMP 5FF4FF73 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!SendDlgItemMessageA + 2 77277243 7 Bytes JMP 5FF4FE17 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!OpenClipboard + 2 77284480 7 Bytes JMP 5FF4D95B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!SetWindowsHookExA + 2 77286D0E 8 Bytes JMP 5FF53CA7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!SendMessageTimeoutA + 2 77286DAB 8 Bytes JMP 5FF4F8A7 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!SetWindowsHookA + 2 7729B643 8 Bytes JMP 5FF53F5F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!SetWindowsHookW + 2 7729B65E 8 Bytes JMP 5FF540BB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!EndTask + 2 7729FD68 6 Bytes JMP 5FF4EC6B C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!ExitWindowsEx + 2 772A06C9 6 Bytes JMP 5FF54FB3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!BroadcastSystemMessageExA + 2 772B3B25 8 Bytes JMP 5FF50387 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!BroadcastSystemMessage + 2 772B3B4C 7 Bytes JMP 5FF500CF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] USER32.dll!SendMessageCallbackA + 2 772B3E8D 8 Bytes JMP 5FF4F5EF C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!EnumDependentServicesW 77771E3A 7 Bytes JMP 5FF52016 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!StartServiceW 77777974 5 Bytes JMP 5FF513DC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!QueryServiceStatusEx 7777798C 5 Bytes JMP 5FF51694 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!SetFileSecurityW 777779C3 5 Bytes JMP 5FF5306C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!SetSecurityInfo + 2 77779EE1 6 Bytes JMP 5FF53480 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77779FE4 6 Bytes JMP 5FF53738 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!EnumServicesStatusExW 7777B466 7 Bytes JMP 5FF52AF6 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!QueryServiceConfigW 7777B537 5 Bytes JMP 5FF51AA8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!CreateProcessAsUserW 7777C592 5 Bytes JMP 5FF4E6F8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!OpenServiceW 7777CA4C 5 Bytes JMP 5FF50FC8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!OpenSCManagerW 7777CA64 5 Bytes JMP 5FF50A58 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!QueryServiceStatus 77782A86 5 Bytes JMP 5FF51538 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!OpenSCManagerA 77782BD8 5 Bytes JMP 5FF508FC C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!OpenServiceA 77782BF0 5 Bytes JMP 5FF50E6C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!AdjustTokenPrivileges 7778418E 5 Bytes JMP 5FF52DB4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!SetKernelObjectSecurity 77784645 5 Bytes JMP 5FF531C8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!CreateServiceW 7779712C 5 Bytes JMP 5FF50D10 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!ControlService 77797144 5 Bytes JMP 5FF517F0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!DeleteService 7779715C 5 Bytes JMP 5FF51124 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!QueryServiceConfigA 77799A4F 5 Bytes JMP 5FF5194C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!EnumServicesStatusExA 7779A3E2 7 Bytes JMP 5FF5299A C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!CreateProcessAsUserA + 2 777B253A 5 Bytes JMP 5FF4E854 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!ChangeServiceConfig2A + 2 777B30CA 9 Bytes JMP 5FF5242C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!ChangeServiceConfig2W + 2 777B30DA 9 Bytes JMP 5FF52588 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!ChangeServiceConfigA + 2 777B30EA 9 Bytes JMP 5FF52174 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!ChangeServiceConfigW + 2 777B30FA 9 Bytes JMP 5FF522D0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!CreateServiceA + 2 777B315A 9 Bytes JMP 5FF50BB4 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!QueryServiceConfig2A + 2 777B33EB 9 Bytes JMP 5FF51C04 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!QueryServiceConfig2W + 2 777B33FB 9 Bytes JMP 5FF51D60 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!SetServiceObjectSecurity + 2 777B3535 9 Bytes JMP 5FF53324 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!StartServiceA + 2 777B3545 9 Bytes JMP 5FF51280 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!CreateProcessWithLogonW + 2 777B52EB 6 Bytes JMP 5FF4E59C C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!InitiateSystemShutdownW + 2 777CDA6F 6 Bytes JMP 5FF548E8 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!InitiateSystemShutdownExW + 2 777CDB3C 6 Bytes JMP 5FF54BA0 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!AbortSystemShutdownW + 2 777CDD62 7 Bytes JMP 5FF54E58 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!EnumServicesStatusA 777D2021 7 Bytes JMP 5FF526E2 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!EnumDependentServicesA 777D2104 7 Bytes JMP 5FF51EBA C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ADVAPI32.dll!EnumServicesStatusW + 2 777D2223 5 Bytes JMP 5FF52840 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ole32.dll!CoGetClassObject + 2 771254AF 8 Bytes JMP 5FF4D3EB C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ole32.dll!CoInitializeEx + 2 771309AF 6 Bytes JMP 5FF4D133 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ole32.dll!CoCreateInstanceEx + 2 77139D50 7 Bytes JMP 5FF4D28F C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ole32.dll!CoGetInstanceFromFile + 2 771B340D 8 Bytes JMP 5FF4D547 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] ole32.dll!CoGetInstanceFromIStorage + 2 771D0F09 8 Bytes JMP 5FF4D6A3 C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe[6916] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF53E04] C:\Windows\system32\UmxSbxw.dll (User mode executive module DLL/CA)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----