RootKit Unhooker Reporter needing examined


This topic is locked
2 replies to this topic

#1 Disgruntled Grant

Posted 27 December 2010 - 02:48 PM

Well, today my computer contracted some kind of spyware. Not sure what it is, but I've run RKU to try and find it. If anyone can look at it and tell me what's causing my problem it would be greatly appreciated.
I've lost sound, the ability to do a lot of things in the Control Panel, and I cannot even restore the system to an earlier point. It blocks every security check I've run and has managed to hide from Malwarebytes Anti-Malware.
.txt file attached also.


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6000
Number of processors #2
==============================================
>SSDT State
==============================================
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x86B075A0 [272] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x862D0D90 [468] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0x86B46D90 [488] C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc., Yahoo! Messenger Tray)
0x86B368D0 [504] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0x868DA020 [524] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0x8617F020 [532] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x864E1050 [572] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x863C7D90 [584] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x86528888 [616] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x86844228 [628] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x867CB810 [636] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x86318D90 [708] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x86877020 [832] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8687A628 [872] C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH, Emsisoft Anti-Malware Service)
0x8688CD28 [940] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x868E1D90 [972] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86BEFC70 [1064] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation, Windows Defender User Interface)
0x868C8D48 [1072] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x868E4610 [1104] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x857FD4B8 [1136] C:\Windows\System32\hkcmd.exe (Intel Corporation, hkcmd Module)
0x868ED658 [1164] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8693F2F0 [1268] C:\Windows\System32\SLsvc.exe (Microsoft Corporation, Microsoft Software Licensing Service)
0x86945D90 [1312] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86C22D58 [1432] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc., PowerISO Virtual Drive Manager)
0x8697ED90 [1444] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x868BF020 [1452] C:\Program Files\Unlocker\UnlockerAssistant.exe
0x869C6930 [1644] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8700AB60 [1652] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x869E0700 [1676] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x83FC9020 [1740] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x857F5560 [1784] C:\Windows\System32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)
0x86A3F020 [1908] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x86C55D08 [1924] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc., Pure Networks Platform Assistant)
0x86C4A7C8 [2036] C:\Windows\System32\igfxpers.exe (Intel Corporation, persistence Module)
0x86B6CA88 [2052] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation, Windows Live Messenger)
0x86C92910 [2128] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC, InstallIQ Updater)
0x86CA77C8 [2192] C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
0x86CB1390 [2296] C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe (McAfee, Inc., McAfee Security Scanner Scheduler)
0x86CCB3C8 [2352] C:\Users\Grant\Documents\Rainmeter-1.3-32bit\Rainmeter.exe (-, Rainmeter - A Customizable Resource Meter)
0x86CD5800 [2384] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86CF0650 [2400] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86CCC848 [2428] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86CF83D0 [2484] C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock, ObjectDock Plus)
0x86D19358 [2544] C:\Windows\System32\java.exe (Sun Microsystems, Inc., Java™ Platform SE binary)
0x86D13D90 [2640] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0x87007668 [2680] C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation, Windows Live Communications Platform)
0x86D6D9E0 [2784] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc., Pure Networks Platform Service)
0x869EDA80 [2856] C:\Windows\System32\WUDFHost.exe (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Host Process)
0x86F24C70 [3000] C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org, OpenOffice.org 3.2)
0x847CB468 [3056] C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org, OpenOffice.org 3.2)
0x86C35AD8 [3772] C:\Windows\System32\dvsdfsdf\Q2vR7bSx.exe (UG North, RKULE, SR2 Normandy)
0x840AF988 [3940] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x83A2CAB0 [4] System (Microsoft Corporation, .NET Framework)
0x869182F8 [1228] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )
==============================================
>Drivers
==============================================
0x8CF01000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9433088 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82000000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)
0x82000000 PnpManager 3805184 bytes
0x82000000 RAW 3805184 bytes
0x82000000 WMIxWDM 3805184 bytes
0x94400000 Win32k 2097152 bytes
0x94400000 C:\Windows\System32\win32k.sys 2097152 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x87EF8000 C:\Windows\System32\Drivers\Ntfs.sys 1081344 bytes (Microsoft Corporation, NT File System Driver)
0x87CFC000 C:\Windows\system32\drivers\ndis.sys 1064960 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8D905000 C:\Windows\system32\DRIVERS\AGRSM.sys 1028096 bytes (Agere Systems, SoftModem Device Driver)
0x87B07000 PCI_PNP6080 1019904 bytes
0x87B07000 C:\Windows\System32\Drivers\sprk.sys 1019904 bytes
0x87B07000 sptd 1019904 bytes
0x8071F000 C:\Windows\system32\CI.dll 921600 bytes (Microsoft Corporation, Code Integrity Module)
0xAA6E2000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8DB2B000 C:\Windows\System32\drivers\tcpip.sys 872448 bytes (Microsoft Corporation, TCP/IP Driver)
0x8C4D3000 C:\Windows\System32\drivers\dxgkrnl.sys 643072 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0xA7D32000 C:\Windows\system32\drivers\spsys.sys 581632 bytes (Microsoft Corporation, security processor)
0x806A4000 C:\Windows\system32\drivers\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0x87C2E000 C:\Windows\System32\Drivers\ksecdd.sys 434176 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xA8284000 C:\Windows\system32\drivers\HTTP.sys 430080 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x80466000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8DF62000 C:\Windows\system32\DRIVERS\RTL8187B.sys 385024 bytes (Realtek Semiconductor Corporation , Realtek RTL8187B NDIS Driver)
0xA8900000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x94820000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x87A8A000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8DAE4000 C:\Windows\system32\drivers\afd.sys 290816 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8063B000 C:\Windows\system32\drivers\acpi.sys 274432 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8CEC0000 C:\Windows\system32\DRIVERS\Rtlh86.sys 266240 bytes (Realtek , Realtek 8136/8168/8169 NDIS6 32-bit Driver )
0x8CE05000 C:\Windows\system32\DRIVERS\storport.sys 262144 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8CB16000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x8C243000 C:\Windows\system32\DRIVERS\USBPORT.SYS 249856 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8041A000 C:\Windows\system32\CLFS.SYS 241664 bytes (Microsoft Corporation, Common Log File System Driver)
0x8DA24000 C:\Windows\system32\DRIVERS\rdbss.sys 241664 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA8975000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x87C98000 C:\Windows\system32\drivers\NETIO.SYS 233472 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8CE70000 C:\Windows\System32\Drivers\atb32cjb.SYS 229376 bytes
0x87EC2000 C:\Windows\system32\drivers\volsnap.sys 221184 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x823A1000 ACPI_HAL 212992 bytes
0x823A1000 C:\Windows\system32\hal.dll 212992 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8CB55000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8DAB2000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x87A2A000 C:\Windows\system32\drivers\fltmgr.sys 200704 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8CAE9000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8CE45000 C:\Windows\system32\DRIVERS\msiscsi.sys 176128 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x87CD1000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0xA7CC7000 C:\Windows\system32\DRIVERS\nwifi.sys 176128 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8CB89000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8067E000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8CAC4000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x87E9D000 C:\Windows\System32\drivers\ecache.sys 151552 bytes (Microsoft Corporation, Special Memory Device Cache)
0x87AE2000 C:\Windows\system32\drivers\pci.sys 151552 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xA8951000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8CBC6000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x87E7C000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8CA49000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA89CC000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x87A64000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA89AE000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x94642000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA8229000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)
0xA8210000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8CA10000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8CEA8000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8DA0D000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)
0x8CBE9000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA65EA000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8D806000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8D830000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)
0xA64F5000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0xA89EC000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8D81C000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8C21E000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8CBB3000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA83ED000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8DA9F000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8C231000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xA7C20000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8DF33000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA8C1A000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xA6459000 C:\Windows\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0x87C0E000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0xA7C00000 C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys 65536 bytes (Emsi Software GmbH, Emsisoft Anti-Malware File Guard)
0x87A1A000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x88D30000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8060A000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x88D10000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)
0x8B566000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x87C1F000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x87A03000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8B4FD000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8B50C000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)
0x80624000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x94810000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8C320000 C:\Windows\system32\DRIVERS\intelppm.sys 57344 bytes (Microsoft Corporation, Processor Device Driver)
0x8C34A000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C33C000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x87AD4000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8C358000 C:\Windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0x8C32E000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8C437000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8C41D000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8C410000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8B413000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8040D000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x88811000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8B499000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8B441000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8B44C000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8B483000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8B462000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8B46D000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8B457000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8B42B000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8B436000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8061A000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8C2C6000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8C294000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8C2EE000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8C2A8000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8C2F8000 C:\Windows\system32\DRIVERS\pnarp.sys 40960 bytes (Cisco Systems, Inc., Address Resolution Protocol Driver)
0x8C302000 C:\Windows\system32\DRIVERS\purendis.sys 40960 bytes (Cisco Systems, Inc., NDIS Relay Driver)
0x8C29E000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8C59D000 C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys 36864 bytes (Emsi Software GmbH, Emsisoft Anti-Malware Behavior Blocker)
0x87C05000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8C58B000 C:\Windows\System32\Drivers\dump_msahci.sys 36864 bytes
0x8C5A6000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x87A5B000 C:\Windows\system32\drivers\msahci.sys 36864 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8C579000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8045D000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8C5AF000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x94800000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8C5CA000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C5D3000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x80404000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x87A82000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80455000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x804C6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x80633000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8ADCD000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8ADD5000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x87A12000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8AD1D000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x80603000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8AD16000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8AC8A000 C:\Windows\System32\Drivers\StarOpen.SYS 24576 bytes
0x8B5D0000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x80401000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x88C32000 C:\Program Files\Emsisoft Anti-Malware\a2util32.sys 8192 bytes (Emsi Software GmbH, a-squared Malware-IDS utility driver)
0x88800000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x88C3E000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x848331F8 unknown_irp_handler 3592 bytes
0x848311F8 unknown_irp_handler 3592 bytes
0x861731F8 unknown_irp_handler 3592 bytes
0x859F01F8 unknown_irp_handler 3592 bytes
0x860BE1F8 unknown_irp_handler 3592 bytes
0x861081F8 unknown_irp_handler 3592 bytes
0x85A151F8 unknown_irp_handler 3592 bytes
0x85A821F8 unknown_irp_handler 3592 bytes
0x83A4C1F8 unknown_irp_handler 3592 bytes
0x85A211F8 unknown_irp_handler 3592 bytes
0x848321F8 unknown_irp_handler 3592 bytes
0x85B341F8 unknown_irp_handler 3592 bytes
0x857D91F8 unknown_irp_handler 3592 bytes
0x859F1470 unknown_irp_handler 2960 bytes
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0009138E, Type: Inline - RelativeJump 0x8209138E-->82091395 [ntkrnlpa.exe]
[1064]MSASCui.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x779B4BA7-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->ws2_32.dll-->listen, Type: Inline - DirectJump 0x779BA85A-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->ws2_32.dll-->WSALookupServiceBeginW, Type: Inline - DirectJump 0x779B53D6-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->ws2_32.dll-->WSALookupServiceEnd, Type: Inline - DirectJump 0x779B5AF5-->00000000 [unknown_code_page]
[1064]MSASCui.exe-->ws2_32.dll-->WSALookupServiceNextW, Type: Inline - DirectJump 0x779B58A0-->00000000 [unknown_code_page]
[1136]hkcmd.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[1136]hkcmd.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[1136]hkcmd.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[1136]hkcmd.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[1136]hkcmd.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[1136]hkcmd.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[1136]hkcmd.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[1136]hkcmd.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[1136]hkcmd.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[1136]hkcmd.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[1136]hkcmd.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[1136]hkcmd.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[1136]hkcmd.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[1136]hkcmd.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[1432]PWRISOVM.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[1432]PWRISOVM.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[1432]PWRISOVM.EXE-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[1432]PWRISOVM.EXE-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[1432]PWRISOVM.EXE-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[1432]PWRISOVM.EXE-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[1432]PWRISOVM.EXE-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[1432]PWRISOVM.EXE-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[1432]PWRISOVM.EXE-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[1432]PWRISOVM.EXE-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[1432]PWRISOVM.EXE-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[1432]PWRISOVM.EXE-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[1432]PWRISOVM.EXE-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[1432]PWRISOVM.EXE-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[1452]UnlockerAssistant.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[1452]UnlockerAssistant.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[1452]UnlockerAssistant.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[1452]UnlockerAssistant.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[1452]UnlockerAssistant.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[1452]UnlockerAssistant.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[1452]UnlockerAssistant.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[1452]UnlockerAssistant.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[1452]UnlockerAssistant.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[1452]UnlockerAssistant.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[1452]UnlockerAssistant.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[1452]UnlockerAssistant.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[1452]UnlockerAssistant.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[1452]UnlockerAssistant.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[1652]firefox.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[1652]firefox.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[1652]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7786EB00-->00000000 [firefox.exe]
[1652]firefox.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[1652]firefox.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[1652]firefox.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[1652]firefox.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[1652]firefox.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[1652]firefox.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[1652]firefox.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[1652]firefox.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[1652]firefox.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[1652]firefox.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[1652]firefox.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[1652]firefox.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[1652]firefox.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x779B4BA7-->00000000 [unknown_code_page]
[1652]firefox.exe-->ws2_32.dll-->listen, Type: Inline - DirectJump 0x779BA85A-->00000000 [unknown_code_page]
[1652]firefox.exe-->ws2_32.dll-->WSALookupServiceBeginW, Type: Inline - DirectJump 0x779B53D6-->00000000 [unknown_code_page]
[1652]firefox.exe-->ws2_32.dll-->WSALookupServiceEnd, Type: Inline - DirectJump 0x779B5AF5-->00000000 [unknown_code_page]
[1652]firefox.exe-->ws2_32.dll-->WSALookupServiceNextW, Type: Inline - DirectJump 0x779B58A0-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x779B4BA7-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->ws2_32.dll-->listen, Type: Inline - DirectJump 0x779BA85A-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->ws2_32.dll-->WSALookupServiceBeginW, Type: Inline - DirectJump 0x779B53D6-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->ws2_32.dll-->WSALookupServiceEnd, Type: Inline - DirectJump 0x779B5AF5-->00000000 [unknown_code_page]
[1784]igfxsrvc.exe-->ws2_32.dll-->WSALookupServiceNextW, Type: Inline - DirectJump 0x779B58A0-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x779B4BA7-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->ws2_32.dll-->listen, Type: Inline - DirectJump 0x779BA85A-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->ws2_32.dll-->WSALookupServiceBeginW, Type: Inline - DirectJump 0x779B53D6-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->ws2_32.dll-->WSALookupServiceEnd, Type: Inline - DirectJump 0x779B5AF5-->00000000 [unknown_code_page]
[1924]nmctxth.exe-->ws2_32.dll-->WSALookupServiceNextW, Type: Inline - DirectJump 0x779B58A0-->00000000 [unknown_code_page]
[2036]igfxpers.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[2036]igfxpers.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[2036]igfxpers.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[2036]igfxpers.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[2036]igfxpers.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[2036]igfxpers.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[2036]igfxpers.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[2036]igfxpers.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[2036]igfxpers.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[2036]igfxpers.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[2036]igfxpers.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[2036]igfxpers.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[2036]igfxpers.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[2036]igfxpers.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x779B4BA7-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->ws2_32.dll-->listen, Type: Inline - DirectJump 0x779BA85A-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->ws2_32.dll-->WSALookupServiceBeginW, Type: Inline - DirectJump 0x779B53D6-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->ws2_32.dll-->WSALookupServiceEnd, Type: Inline - DirectJump 0x779B5AF5-->00000000 [unknown_code_page]
[2052]msnmsgr.exe-->ws2_32.dll-->WSALookupServiceNextW, Type: Inline - DirectJump 0x779B58A0-->00000000 [unknown_code_page]
[2128]InstallIQUpdater.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[2128]InstallIQUpdater.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[2128]InstallIQUpdater.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[2128]InstallIQUpdater.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[2128]InstallIQUpdater.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[2128]InstallIQUpdater.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[2128]InstallIQUpdater.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[2128]InstallIQUpdater.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[2128]InstallIQUpdater.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[2128]InstallIQUpdater.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[2128]InstallIQUpdater.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[2128]InstallIQUpdater.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[2128]InstallIQUpdater.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[2128]InstallIQUpdater.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[2192]LinksysUpdater.exe-->advapi32.dll-->CreateServiceA, Type: IAT modification 0x00424020-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->advapi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77C91518-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->advapi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77C916C4-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->advapi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77C91654-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C914B8-->00000000 [shimeng.dll]
[2192]LinksysUpdater.exe-->advapi32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77C91658-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->advapi32.dll-->kernel32.dll-->OpenFile, Type: IAT modification 0x77C91510-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->advapi32.dll-->RegCreateKeyA, Type: IAT modification 0x00424050-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x00424040-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x0042404C-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B7112C-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B7119C-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B711BC-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[2192]LinksysUpdater.exe-->kernel32.dll-->CreateFileA, Type: IAT modification 0x004241F0-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->kernel32.dll-->CreateProcessA, Type: IAT modification 0x004240E8-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->kernel32.dll-->DeleteFileA, Type: IAT modification 0x00424134-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00424100-->00000000 [shimeng.dll]
[2192]LinksysUpdater.exe-->kernel32.dll-->MoveFileA, Type: IAT modification 0x00424124-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->mswsock.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x6DD8124C-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->mswsock.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x6DD81264-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->mswsock.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x6DD8125C-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->mswsock.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x6DD81248-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->mswsock.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x6DD81250-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6DD81224-->00000000 [shimeng.dll]
[2192]LinksysUpdater.exe-->shell32.dll-->advapi32.dll-->AccessCheck, Type: IAT modification 0x15D23CD8-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x15D23B24-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyW, Type: IAT modification 0x15D23C94-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->shell32.dll-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x15D23B44-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x15D23CE8-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x15D23B1C-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->shell32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x15D23B20-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->shell32.dll-->advapi32.dll-->RegSetValueW, Type: IAT modification 0x15D23B64-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->shell32.dll-->advapi32.dll-->SetFileSecurityW, Type: IAT modification 0x15D23CA8-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x15D23250-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x15D23454-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x15D233A8-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x15D23408-->00000000 [shimeng.dll]
[2192]LinksysUpdater.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x15D233B4-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x15D23300-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x15D233AC-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D6153C-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D6151C-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->user32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x77D61544-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D61194-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D612B0-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D6119C-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D612F8-->00000000 [shimeng.dll]
[2192]LinksysUpdater.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D61198-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->ws2_32.dll-->advapi32.dll-->RegCreateKeyExA, Type: IAT modification 0x6C9F1104-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->ws2_32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x6C9F110C-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x6C9F1114-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x6C9F1110-->00000000 [AcGenral.dll]
[2192]LinksysUpdater.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6C9F11E8-->00000000 [shimeng.dll]
[2296]SSScheduler.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x779B4BA7-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->ws2_32.dll-->listen, Type: Inline - DirectJump 0x779BA85A-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->ws2_32.dll-->WSALookupServiceBeginW, Type: Inline - DirectJump 0x779B53D6-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->ws2_32.dll-->WSALookupServiceEnd, Type: Inline - DirectJump 0x779B5AF5-->00000000 [unknown_code_page]
[2296]SSScheduler.exe-->ws2_32.dll-->WSALookupServiceNextW, Type: Inline - DirectJump 0x779B58A0-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x779B4BA7-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->ws2_32.dll-->listen, Type: Inline - DirectJump 0x779BA85A-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->ws2_32.dll-->WSALookupServiceBeginW, Type: Inline - DirectJump 0x779B53D6-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->ws2_32.dll-->WSALookupServiceEnd, Type: Inline - DirectJump 0x779B5AF5-->00000000 [unknown_code_page]
[2352]Rainmeter.exe-->ws2_32.dll-->WSALookupServiceNextW, Type: Inline - DirectJump 0x779B58A0-->00000000 [unknown_code_page]
[2484]ObjectDock.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[2484]ObjectDock.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[2484]ObjectDock.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[2484]ObjectDock.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[2484]ObjectDock.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[2484]ObjectDock.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[2484]ObjectDock.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[2484]ObjectDock.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[2484]ObjectDock.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[2484]ObjectDock.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[2484]ObjectDock.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[2484]ObjectDock.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[2484]ObjectDock.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[2484]ObjectDock.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x779B4BA7-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->ws2_32.dll-->listen, Type: Inline - DirectJump 0x779BA85A-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->ws2_32.dll-->WSALookupServiceBeginW, Type: Inline - DirectJump 0x779B53D6-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->ws2_32.dll-->WSALookupServiceEnd, Type: Inline - DirectJump 0x779B5AF5-->00000000 [unknown_code_page]
[2680]wlcomm.exe-->ws2_32.dll-->WSALookupServiceNextW, Type: Inline - DirectJump 0x779B58A0-->00000000 [unknown_code_page]
[272]taskeng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[272]taskeng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[272]taskeng.exe-->kernel32.dll+0x0002969C, Type: Inline - RelativeJump 0x7649969C-->00000000 [kernel32.dll]
[272]taskeng.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[272]taskeng.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[272]taskeng.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[272]taskeng.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[272]taskeng.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[272]taskeng.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[272]taskeng.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[272]taskeng.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[272]taskeng.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[272]taskeng.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[272]taskeng.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[272]taskeng.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[272]taskeng.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x779B4BA7-->00000000 [unknown_code_page]
[272]taskeng.exe-->ws2_32.dll-->listen, Type: Inline - DirectJump 0x779BA85A-->00000000 [unknown_code_page]
[272]taskeng.exe-->ws2_32.dll-->WSALookupServiceBeginW, Type: Inline - DirectJump 0x779B53D6-->00000000 [unknown_code_page]
[272]taskeng.exe-->ws2_32.dll-->WSALookupServiceEnd, Type: Inline - DirectJump 0x779B5AF5-->00000000 [unknown_code_page]
[272]taskeng.exe-->ws2_32.dll-->WSALookupServiceNextW, Type: Inline - DirectJump 0x779B58A0-->00000000 [unknown_code_page]
[3000]soffice.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[3000]soffice.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[3000]soffice.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[3000]soffice.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[3000]soffice.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[3000]soffice.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[3000]soffice.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[3000]soffice.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[3000]soffice.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[3000]soffice.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[3000]soffice.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[3000]soffice.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[3000]soffice.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[3000]soffice.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[3056]soffice.bin-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[3056]soffice.bin-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[3056]soffice.bin-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[3056]soffice.bin-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[3056]soffice.bin-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[3056]soffice.bin-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[3056]soffice.bin-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[3056]soffice.bin-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[3056]soffice.bin-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[3056]soffice.bin-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[3056]soffice.bin-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[3056]soffice.bin-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[3056]soffice.bin-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[3056]soffice.bin-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[3056]soffice.bin-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x779B4BA7-->00000000 [unknown_code_page]
[3056]soffice.bin-->ws2_32.dll-->listen, Type: Inline - DirectJump 0x779BA85A-->00000000 [unknown_code_page]
[3056]soffice.bin-->ws2_32.dll-->WSALookupServiceBeginW, Type: Inline - DirectJump 0x779B53D6-->00000000 [unknown_code_page]
[3056]soffice.bin-->ws2_32.dll-->WSALookupServiceEnd, Type: Inline - DirectJump 0x779B5AF5-->00000000 [unknown_code_page]
[3056]soffice.bin-->ws2_32.dll-->WSALookupServiceNextW, Type: Inline - DirectJump 0x779B58A0-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x77A0CFF8-->00000000 [xul.dll]
[3940]plugin-container.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x779B4BA7-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->ws2_32.dll-->listen, Type: Inline - DirectJump 0x779BA85A-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->ws2_32.dll-->WSALookupServiceBeginW, Type: Inline - DirectJump 0x779B53D6-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->ws2_32.dll-->WSALookupServiceEnd, Type: Inline - DirectJump 0x779B5AF5-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->ws2_32.dll-->WSALookupServiceNextW, Type: Inline - DirectJump 0x779B58A0-->00000000 [unknown_code_page]
[488]Ymsgr_tray.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[488]Ymsgr_tray.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[488]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B71118-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B7110C-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B71174-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040C0E4-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0040C0E0-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0040C0B0-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x0040C0B8-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[488]Ymsgr_tray.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[488]Ymsgr_tray.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[488]Ymsgr_tray.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[488]Ymsgr_tray.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[488]Ymsgr_tray.exe-->shell32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x15D23660-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x15D23408-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x15D234D0-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x15D23278-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x15D2343C-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->AnimateWindow, Type: IAT modification 0x15D23AB8-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->DefWindowProcW, Type: IAT modification 0x15D23A44-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->GetSysColor, Type: IAT modification 0x15D239E4-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->GetSysColorBrush, Type: IAT modification 0x15D2399C-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x15D23908-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenuEx, Type: IAT modification 0x15D23708-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->user32.dll-->DefWindowProcW, Type: IAT modification 0x0040C268-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->user32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x77D61454-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->user32.dll-->GetSysColor, Type: IAT modification 0x0040C2A4-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D612F8-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D6123C-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D61148-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D612F4-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[488]Ymsgr_tray.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[488]Ymsgr_tray.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[488]Ymsgr_tray.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[488]Ymsgr_tray.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[488]Ymsgr_tray.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[488]Ymsgr_tray.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[488]Ymsgr_tray.exe-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x0040C29C-->00000000 [yui.dll]
[504]dwm.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[504]dwm.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[504]dwm.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[504]dwm.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[504]dwm.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[504]dwm.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[504]dwm.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[504]dwm.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[504]dwm.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[504]dwm.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[504]dwm.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[504]dwm.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[504]dwm.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[504]dwm.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[504]dwm.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x779B4BA7-->00000000 [unknown_code_page]
[504]dwm.exe-->ws2_32.dll-->listen, Type: Inline - DirectJump 0x779BA85A-->00000000 [unknown_code_page]
[504]dwm.exe-->ws2_32.dll-->WSALookupServiceBeginW, Type: Inline - DirectJump 0x779B53D6-->00000000 [unknown_code_page]
[504]dwm.exe-->ws2_32.dll-->WSALookupServiceEnd, Type: Inline - DirectJump 0x779B5AF5-->00000000 [unknown_code_page]
[504]dwm.exe-->ws2_32.dll-->WSALookupServiceNextW, Type: Inline - DirectJump 0x779B58A0-->00000000 [unknown_code_page]
[524]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x776B3C41-->00000000 [unknown_code_page]
[524]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77678686-->00000000 [unknown_code_page]
[524]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[524]explorer.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7789F834-->00000000 [unknown_code_page]
[524]explorer.exe-->ntdll.dll-->NtOpenFile, Type: Inline - DirectJump 0x7789FBF4-->00000000 [unknown_code_page]
[524]explorer.exe-->ntdll.dll-->NtOpenProcess, Type: Inline - DirectJump 0x7789FC74-->00000000 [unknown_code_page]
[524]explorer.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x778A04D4-->00000000 [unknown_code_page]
[524]explorer.exe-->shell32.dll-->SHFileOperationW, Type: Inline - RelativeJump 0x76568B3D-->00000000 [UnlockerHook.dll]
[524]explorer.exe-->user32.dll-->keybd_event, Type: Inline - DirectJump 0x77A3FE80-->00000000 [unknown_code_page]
[524]explorer.exe-->user32.dll-->mouse_event, Type: Inline - DirectJump 0x779E94EF-->00000000 [unknown_code_page]
[524]explorer.exe-->user32.dll-->PostMessageA, Type: Inline - DirectJump 0x779F0672-->00000000 [unknown_code_page]
[524]explorer.exe-->user32.dll-->PostMessageW, Type: Inline - DirectJump 0x77A03915-->00000000 [unknown_code_page]
[524]explorer.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[524]explorer.exe-->user32.dll-->SendMessageA, Type: Inline - DirectJump 0x779ED8F3-->00000000 [unknown_code_page]
[524]explorer.exe-->user32.dll-->SendMessageW, Type: Inline - DirectJump 0x77A02B71-->00000000 [unknown_code_page]
[524]explorer.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x779B4BA7-->00000000 [unknown_code_page]
[524]explorer.exe-->ws2_32.dll-->listen, Type: Inline - DirectJump 0x779BA85A-->00000000 [unknown_code_page]
[524]explorer.exe-->ws2_32.dll-->WSALookupServiceBeginW, Type: Inline - DirectJump 0x779B53D6-->00000000 [unknown_code_page]
[524]explorer.exe-->ws2_32.dll-->WSALookupServiceEnd, Type: Inline - DirectJump 0x779B5AF5-->00000000 [unknown_code_page]
[524]explorer.exe-->ws2_32.dll-->WSALookupServiceNextW, Type: Inline - DirectJump 0x779B58A0-->00000000 [unknown_code_page]
[872]a2service.exe-->kernel32.dll-->CreateThread, Type: IAT modification 0x00647E60-->00000000 [a2service.exe]
[872]a2service.exe-->kernel32.dll-->CreateThread, Type: IAT modification 0x00648620-->00000000 [a2service.exe]
[872]a2service.exe-->kernel32.dll-->RaiseException, Type: IAT modification 0x00647E80-->00000000 [a2service.exe]
[872]a2service.exe-->kernel32.dll-->RaiseException, Type: IAT modification 0x0064842C-->00000000 [a2service.exe]
[872]a2service.exe-->kernel32.dll-->ResumeThread, Type: IAT modification 0x0064841C-->00000000 [a2service.exe]
[872]a2service.exe-->kernel32.dll-->WriteFile, Type: IAT modification 0x00647E68-->00000000 [a2service.exe]
[872]a2service.exe-->kernel32.dll-->WriteFile, Type: IAT modification 0x00648390-->00000000 [a2service.exe]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
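
The log above is the original poster's RkU output and stays as posted. What follows is an added example, not part of the original post and not code from RootKit Unhooker: a small Python triage script for this report format. It separates the entries RkU could resolve to a named module (yui.dll, xul.dll, UnlockerHook.dll and a2service.exe in the log above, all identifiable installed software hooking on its own behalf) from those it could only place in an unmapped page, and flags unattributed patches that recur at the same export address across unrelated processes, which points to one component injected system-wide rather than an application hooking itself. The sample report lines are constructed from the shape of the log, and the capability grouping is an editorial assumption, not something RkU emits. One caveat a practitioner would add: host intrusion-prevention and anti-malware products install user-mode hooks of exactly this kind, so an unattributed hook is a lead to check against the kernel-side sections of the report and the DDS/GMER logs requested below, not a verdict on its own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the RootKit Unhooker (RkU) "Code Hooks" format, shaped
# like the log above but trimmed to a few entries.
SAMPLE_REPORT = """\
[3000]soffice.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[3000]soffice.exe-->user32.dll-->SendInput, Type: Inline - DirectJump 0x779E94DB-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[3940]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x77A0CFF8-->00000000 [xul.dll]
[488]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [yui.dll]
[488]Ymsgr_tray.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7789F414-->00000000 [unknown_code_page]
[524]explorer.exe-->shell32.dll-->SHFileOperationW, Type: Inline - RelativeJump 0x76568B3D-->00000000 [UnlockerHook.dll]
[524]explorer.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x779B4BA7-->00000000 [unknown_code_page]
[872]a2service.exe-->kernel32.dll-->WriteFile, Type: IAT modification 0x00647E68-->00000000 [a2service.exe]
"""

# One RkU entry: [pid]process-->module[-->module]-->Function, Type: <kind> 0xADDR-->TARGET [owner]
HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<chain>.+?), Type: (?P<kind>.+?) "
    r"(?P<addr>0x[0-9A-Fa-f]+)-->(?P<target>[0-9A-Fa-f]+) \[(?P<owner>[^\]]+)\]$"
)

# Editorial grouping of hooked exports by what a program needs them for (assumption).
CAPABILITY = {
    "CreateServiceA": "service-install", "CreateServiceW": "service-install",
    "NtCreateFile": "file", "NtOpenFile": "file", "NtOpenProcess": "process-access",
    "NtSetValueKey": "registry", "NtDeleteValueKey": "registry",
    "keybd_event": "input-injection", "mouse_event": "input-injection", "SendInput": "input-injection",
    "PostMessageA": "window-messaging", "PostMessageW": "window-messaging",
    "SendMessageA": "window-messaging", "SendMessageW": "window-messaging",
    "connect": "network", "listen": "network", "WSALookupServiceBeginW": "network",
    "WSALookupServiceNextW": "network", "WSALookupServiceEnd": "network",
}


@dataclass(frozen=True)
class Hook:
    pid: int
    process: str
    module: str     # DLL that exports the patched function
    function: str
    kind: str       # "Inline - DirectJump", "Inline - RelativeJump", "IAT modification"
    address: int    # address of the patched bytes or IAT slot
    owner: str      # module RkU resolved the handler to, or "unknown_code_page"


def parse_report(text):
    """Parse hook entries out of an RkU report; lines that are not entries are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        chain = m.group("chain").split("-->")
        hooks.append(Hook(int(m.group("pid")), chain[0], chain[-2], chain[-1],
                          m.group("kind"), int(m.group("addr"), 16), m.group("owner")))
    return hooks


def triage(hooks):
    """Return (attributed, unattributed): owner -> {(process, function)} for hooks RkU
    resolved to a named module, and "module!function" -> {process} for the rest."""
    attributed, unattributed = defaultdict(set), defaultdict(set)
    for h in hooks:
        if h.owner == "unknown_code_page":
            unattributed[f"{h.module}!{h.function}"].add(h.process)
        else:
            attributed[h.owner].add((h.process, h.function))
    return dict(attributed), dict(unattributed)


def system_wide_hooks(hooks, min_processes=2):
    """Unattributed patches found at the same export address in several processes.
    The same bytes patched at the same address in an office suite, a browser child
    and a tray app point to one component injected everywhere."""
    by_site = defaultdict(set)
    for h in hooks:
        if h.owner == "unknown_code_page":
            by_site[(h.module, h.function, h.address)].add(h.process)
    return {site: procs for site, procs in by_site.items() if len(procs) >= min_processes}


def capabilities_touched(hooks):
    """Capability groups (per CAPABILITY) covered by the unattributed hooks."""
    return sorted({CAPABILITY.get(h.function, "other")
                   for h in hooks if h.owner == "unknown_code_page"})


if __name__ == "__main__":
    hooks = parse_report(SAMPLE_REPORT)
    attributed, _ = triage(hooks)
    print("attributed to known modules:", sorted(attributed))
    for (mod, fn, addr), procs in system_wide_hooks(hooks).items():
        print(f"system-wide: {mod}!{fn} @ {addr:#x} in {sorted(procs)}")
    print("capabilities covered by unattributed hooks:", capabilities_touched(hooks))
```

Run it against a saved RkU report by replacing SAMPLE_REPORT with the file contents; the hooks worth chasing are the ones `system_wide_hooks` returns, cross-checked against whatever security product is installed before concluding anything.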

#2 Shannon2012

Shannon2012

  • Malware Response Team
  • 3,656 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:02:24 PM

Posted 03 January 2011 - 10:52 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 Shannon2012

Shannon2012

  • Malware Response Team
  • 3,656 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:02:24 PM

Posted 10 January 2011 - 05:13 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
Shannon



