
Rootkit Removal Help Please!


  • This topic is locked
9 replies to this topic

#1 Durden

  • Members
  • 6 posts

Posted 02 June 2010 - 11:27 AM

Hello..

I am running Windows Vista Premium on my home desktop... (not sure how much information is needed on it..)

I have had a rootkit problem for a few days now, and after scouring information trying to remove, I have come to the end of my rope, and figure it's time to put it in the hands of someone with more experience than myself.

I have updated MBAM, and I found the rootkit once, although it didn't remove it..
I tried using GMER, although at the moment I can't complete a scan, it gets shut down..

A few other 'symptoms':

Some Google search results get redirected
I can't use Windows Update
Firefox has shut down on me on several occasions
I receive root kernel errors..

I have looked through a couple of similar topics on here, and downloaded OTL and RKUnhooker, although the reports I have saved are totally foreign to me..

If there is any other information to make helping my situation any easier, I'll gladly post it.. Thank you for your time, your help is appreciated beyond belief..

Tyler..

I will post the OTL and RKUnhooker results in a reply, hopefully this will help to get things moving along..

Thanks Again.

I have attached the DDS text file, but I did not get a second one when running the program. I am trying GMER again right now, and will post the results if it works, as well as a second DDS scan to get the attach.txt..


OTL logfile created on: 02/06/2010 9:09:01 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Tyler\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
41.00 Gb Paging File | 40.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 507.73 Gb Total Space | 258.74 Gb Free Space | 50.96% Space Free | Partition Type: NTFS
Drive D: | 411.50 Gb Total Space | 322.56 Gb Free Space | 78.39% Space Free | Partition Type: NTFS
Drive E: | 12.28 Gb Total Space | 2.75 Gb Free Space | 22.43% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TYLER-PC
Current User Name: Tyler
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Tyler\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
PRC - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
PRC - C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe ()
PRC - C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Tyler\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\Program Files\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (DigiRefresh) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (digiSPTIService) -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe (Digidesign, A Division of Avid Technology, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (bdfm) -- C:\Windows\System32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender S.R.L.)
DRV - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys ()
DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (JGOGO) -- C:\Windows\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MADFUFTU) -- C:\Windows\System32\drivers\MAudioFastTrackUltra_DFU.sys (M-Audio)
DRV - (MAUSBFASTTRACKULTRA) -- C:\Windows\System32\drivers\MAudioFastTrackUltra.sys (Avid Technology, Inc.)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (iLokDrvr) -- C:\Windows\System32\drivers\iLokDrvr.sys (PACE Anti-Piracy, Inc.)
DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (UKS11LDR) -- C:\Windows\System32\drivers\uks11ldr.sys (MIDIMAN)
DRV - (MA_CMIDI) -- C:\Windows\System32\drivers\MA_CMIDI.SYS (M-Audio)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (RDID1053) -- C:\Windows\System32\drivers\RDWM1053.SYS (Roland Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1003363361-3245627235-4148214532-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=FW69157
IE - HKU\S-1-5-21-1003363361-3245627235-4148214532-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-1003363361-3245627235-4148214532-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 E9 18 51 ED 57 CA 01 [binary data]
IE - HKU\S-1-5-21-1003363361-3245627235-4148214532-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1003363361-3245627235-4148214532-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://glitchhopforum.com/?sid=84830059ce9b105a440ea490eaa325c7"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2009/12/15 21:50:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/02 07:20:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/31 11:34:02 | 000,000,000 | ---D | M]

[2009/11/02 19:59:43 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Mozilla\Extensions
[2010/06/01 12:22:29 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\xy772ghc.default\extensions
[2010/04/29 21:05:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\xy772ghc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/01 12:22:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/31 11:34:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/12/09 11:41:22 | 000,065,536 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1003363361-3245627235-4148214532-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/02 08:16:37 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/06/02 08:16:36 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/06/02 08:16:36 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/06/02 08:14:48 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/06/02 08:14:48 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/06/02 08:14:42 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/06/02 08:14:42 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/06/02 08:14:35 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/06/02 08:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/02 08:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/02 08:14:23 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\PC Tools
[2010/06/02 08:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/06/02 08:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/06/01 12:35:51 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/06/01 12:35:46 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/06/01 12:32:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/01 12:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/06/01 12:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/31 11:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/31 11:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/31 11:34:02 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/31 11:34:02 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/31 11:34:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/31 11:34:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/26 13:03:50 | 000,000,000 | ---D | C] -- C:\Users\Tyler\Documents\iZotope Trash Presets
[2010/05/26 13:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iZotope
[2010/05/06 11:09:22 | 000,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2010/05/06 11:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\BeatportDownloader
[2010/05/05 08:01:53 | 001,870,336 | ---- | C] (Native Instruments Software Synthesis GmbH) -- C:\Windows\System32\bconvert.dll
[2010/05/05 08:01:53 | 000,393,216 | ---- | C] (Native Instruments Software GmbH) -- C:\Windows\System32\NI_IRC_1_2.dll
[2010/05/05 08:01:53 | 000,061,440 | ---- | C] (Native Instruments Software GmbH) -- C:\Windows\System32\NI_DFD_1_5.dll

========== Files - Modified Within 30 Days ==========

[2010/06/02 09:08:16 | 002,883,584 | -HS- | M] () -- C:\Users\Tyler\NTUSER.DAT
[2010/06/02 08:56:19 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/02 08:56:19 | 000,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/02 08:56:19 | 000,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/02 08:53:22 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/02 08:50:21 | 000,181,637 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/06/02 08:50:19 | 000,181,637 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/06/02 08:50:17 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/02 08:50:17 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/02 08:50:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/02 08:50:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/02 08:31:42 | 001,389,268 | -H-- | M] () -- C:\Users\Tyler\AppData\Local\IconCache.db
[2010/06/02 07:45:03 | 002,335,270 | ---- | M] () -- C:\Windows\System32\fcfD162.mht
[2010/06/02 07:21:31 | 000,081,984 | ---- | M] () -- C:\Windows\System32\bdod.bin
[2010/06/02 07:21:25 | 000,524,288 | -HS- | M] () -- C:\Users\Tyler\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/02 07:21:25 | 000,065,536 | -HS- | M] () -- C:\Users\Tyler\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/02 07:20:54 | 000,000,799 | ---- | M] () -- C:\Windows\System32\BDUpdateV1.xml
[2010/06/01 22:24:01 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/06/01 22:23:59 | 000,088,576 | ---- | M] () -- C:\Users\Tyler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/01 12:35:44 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/06/01 12:35:41 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/05/30 03:07:00 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2010/05/26 13:21:59 | 002,541,992 | ---- | M] () -- C:\Users\Tyler\Desktop\Battery Perc Loop.wav
[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/10 12:43:24 | 000,000,920 | ---- | M] () -- C:\Users\Tyler\Documents\PT Test.maftuw
[2010/05/07 18:01:22 | 117,721,278 | ---- | M] () -- C:\Users\Tyler\Desktop\Live From Last Week 2.mp3
[2010/05/06 11:08:02 | 001,136,823 | ---- | M] () -- C:\Users\Tyler\Documents\beatport_downloader_1_003.air

========== Files Created - No Company Name ==========

[2010/06/02 08:16:37 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/06/02 08:16:37 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/06/02 08:16:37 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/06/02 08:16:37 | 000,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/06/02 08:16:37 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/06/02 08:14:48 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/06/02 08:14:42 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/06/02 08:14:42 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/06/02 08:14:35 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/06/02 07:45:03 | 002,335,270 | ---- | C] () -- C:\Windows\System32\fcfD162.mht
[2010/06/01 22:09:43 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/01 12:37:55 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/05/26 13:21:50 | 002,541,992 | ---- | C] () -- C:\Users\Tyler\Desktop\Battery Perc Loop.wav
[2010/05/10 12:43:24 | 000,000,920 | ---- | C] () -- C:\Users\Tyler\Documents\PT Test.maftuw
[2010/05/07 18:00:50 | 117,721,278 | ---- | C] () -- C:\Users\Tyler\Desktop\Live From Last Week 2.mp3
[2010/05/06 11:08:14 | 001,136,823 | ---- | C] () -- C:\Users\Tyler\Documents\beatport_downloader_1_003.air
[2009/12/09 16:07:52 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/11/18 22:06:00 | 003,175,424 | ---- | C] () -- C:\Windows\System32\PSP Nitro.dll
[2009/11/04 23:04:48 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/11/03 08:35:29 | 000,905,290 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2009/11/02 22:01:14 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2009/11/02 19:00:51 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009/10/28 09:29:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/28 09:16:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/10/28 09:08:35 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2008/04/23 19:34:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\txmlutil.dll
[2007/01/31 15:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/07/17 04:57:40 | 000,069,632 | ---- | C] () -- C:\Windows\System32\FxShared.dll
[2006/07/17 04:57:40 | 000,069,632 | ---- | C] () -- C:\Windows\System32\com.fxpansion.fxshared.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 1322 bytes -> C:\Program Files\Common Files\microsoft shared:nV1lTX01UwWOhuSyM03990ea
@Alternate Data Stream - 1320 bytes -> C:\Users\Tyler\AppData\Local\0sOF4ZrjlaR:o7XxcPkdqegVIlW1ARmfI
@Alternate Data Stream - 1276 bytes -> C:\ProgramData\Microsoft:hbza7yj5vVrSUzLBPZ6lJW5oI
@Alternate Data Stream - 1260 bytes -> C:\ProgramData\Microsoft:8td2bSqZKseUH09IS0Nq
@Alternate Data Stream - 1183 bytes -> C:\ProgramData\Microsoft:qh66BZkjnkiNmF75TKNs9
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 1143 bytes -> C:\ProgramData\Microsoft:symu8L9ojS4d4Vjt7ComUHIw
@Alternate Data Stream - 1135 bytes -> C:\ProgramData\Microsoft:L1Kffs6JBNT0dW8rFveaMsCja
@Alternate Data Stream - 1117 bytes -> C:\ProgramData\Microsoft:8NzNN7sqUm0yXi9fcIvh
< End of report >

OTL Extras logfile created on: 02/06/2010 9:09:01 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Tyler\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
41.00 Gb Paging File | 40.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 507.73 Gb Total Space | 258.74 Gb Free Space | 50.96% Space Free | Partition Type: NTFS
Drive D: | 411.50 Gb Total Space | 322.56 Gb Free Space | 78.39% Space Free | Partition Type: NTFS
Drive E: | 12.28 Gb Total Space | 2.75 Gb Free Space | 22.43% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TYLER-PC
Current User Name: Tyler
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1003363361-3245627235-4148214532-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1003363361-3245627235-4148214532-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F4257D6-36A9-411E-BA02-08731FBBFB12}" = rport=138 | protocol=17 | dir=out | app=system |
"{2AD90ABD-439E-45DE-8BDC-5A12B9BAD537}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{45E8D89C-0A87-411E-9C1B-37265D62C1FD}" = lport=445 | protocol=6 | dir=in | app=system |
"{4C089319-BEA8-45D1-B2DA-501515D7FC27}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{707C9CA3-F96A-42A7-9DE6-95572E40B0D4}" = lport=139 | protocol=6 | dir=in | app=system |
"{99BF4C18-69FC-4483-917D-BC8D2CC79962}" = rport=139 | protocol=6 | dir=out | app=system |
"{B5E4B8D5-7EB2-4402-9819-E5B75371EE5F}" = lport=137 | protocol=17 | dir=in | app=system |
"{C133D85A-7A22-425D-9385-10040BFF3656}" = lport=138 | protocol=17 | dir=in | app=system |
"{C529A52B-7072-4A1C-A527-03A126AE21BE}" = rport=445 | protocol=6 | dir=out | app=system |
"{FEDDACC1-9989-4F0E-8035-88336FDABEA8}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A37D656-13BF-4C4E-8A9B-E687CEB013A8}" = protocol=6 | dir=in | app=c:\users\tyler\downloads\utorrent.exe |
"{28D429A9-6864-4408-830C-B019172DEB96}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{299629F6-94CC-44AE-8FA6-BE5982BD8AB3}" = protocol=17 | dir=in | app=c:\users\tyler\downloads\utorrent.exe |
"{3CB9E552-C5FC-4EFD-A797-75F77794A2E1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5696817C-5655-4136-A845-B9B592CC9063}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{62A582A7-EF11-48EE-86A6-80957E263FD0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6829BA79-3D41-4051-87D5-9440F1D53152}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6FCB43DE-FD23-4F2B-904B-690E04F31D6D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8BED35A1-CB79-4008-B665-3A965374D3F2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8FAC2947-E531-4855-BA9A-BFDBF8D48CA7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AC9D5F61-3C62-428A-8211-C5DC1285EE51}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B7A546CA-44FC-475F-8C8B-3FDB03485B54}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F1A3FFAD-5F13-4D4C-B8B2-2B96D9E560A9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F98A4266-709E-4907-9565-C6812EED9BD2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{3D2A4984-35CE-47D7-8480-07F093133B99}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{4A0D06AB-AD55-4A4A-A233-B96CC60A8D81}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{80BA4692-784C-408C-842E-7AD5846301DC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{39F5FCA8-B371-4008-A3AD-0D040A45E76F}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{5D8E17E0-869B-49A3-9A58-F20212971BA3}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{6948261F-A351-4A95-BC4F-364008FD597E}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0420534B-AA3F-4C4D-A80A-69CFA11E8352}" = Waves
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0DACDD10-97BE-4C26-AEC1-3CE3F86035C4}" = Scratch Live 1.9.1 (19136)
"{14AA664E-9BFA-44C4-A083-83A2998679BA}" = Digidesign Pro Tools M-Powered 7.4cs8
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = Series II MIDI
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5310C7A5-A385-6E26-66E9-C0F0CA5A7E45}" = BeatportDownloader
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DF86878-462F-41F2-96E0-E82EE57EC7D3}" = BitDefender Antivirus 2009
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{60800002-C561-4E32-99EB-3C5AD3683A70}" = Waves Expanded 6.0.8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}" = Digidesign Free Bomb Factory Plug-Ins 7.4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87F28C47-EE39-449F-9D17-63DE7B8888EB}" = AmpliTube 1.1 LE
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
"{9d8ee1ce-d721-4b36-a9b2-45f3b7a5f8aa}" = Native Instruments Massive Threat
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}" = Melodyne 3.1
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AFE354A5-640F-4A23-94C8-0B441E8967CA}" = Digidesign Shared Plug-Ins 7.4
"{B4DD23DF-FA02-4BA0-8087-9FFB5C081033}" = Nero 8
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1A39C8A-8D93-4583-8F23-C92DD8C8B3F0}" = M-Audio FastTrackUltra Driver 6.0.2 (x86)
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F1071E3B-6F2D-4857-9B0A-B105ECC14358}" = AmpliTube 1.1 LE
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"apEQ" = apEQ 1.3.0
"Artillery2" = Artillery2
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1" = BeatportDownloader
"Browser Defender_is1" = Browser Defender 2.0.6.11
"Effectrix" = Effectrix
"FL Studio 8" = FL Studio 8
"IL Download Manager" = IL Download Manager
"iZotope Ozone 4_is1" = iZotope Ozone 4
"iZotope Trash_is1" = iZotope Trash
"Live 7.0.7" = Live 7.0.7
"M30 Reverb" = M30 Reverb
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mixed In Key 4" = Mixed In Key 4
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments FM7 VSTi DXI RTAS v1.1.3.4" = Native Instruments FM7 VSTi DXI RTAS v1.1.3.4
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Kore Player" = Native Instruments Kore Player
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Massive Expansion Vol. 2" = Native Instruments Massive Expansion Vol. 2
"Native Instruments Massive Threat" = Native Instruments Massive Threat
"Native Instruments Service Center" = Native Instruments Service Center
"NVIDIA Drivers" = NVIDIA Drivers
"PIXresizer_is1" = PIXresizer 2.0.4
"PSP Nitro 1.1.1" = PSP Nitro 1.1.1
"PSP VintageWarmer v1.5d" = PSP VintageWarmer v1.5d
"RealPlayer 12.0" = RealPlayer
"Reason4_is1" = Reason 4.0.1
"ReCycle_is1" = ReCycle 2.1.2
"reFX Vanguard 1.7.2_is1" = reFX Vanguard 1.7.2
"rgcAudio z3ta Plus v1.40" = rgcAudio z3ta Plus v1.40
"Rob Papen Albino 3" = Rob Papen Albino 3
"Rob Papen BLUE Version 1.6.3b_is1" = Rob Papen BLUE Version 1.6.3b
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Sonicbytes Gat'R_is1" = Sonicbytes Gat'R 1.1
"Soulseek2" = SoulSeek 157 NS 13e
"Spyware Doctor" = Spyware Doctor 7.0
"Sylenth1_is1" = Sylenth1 v2.20
"Thesys" = Thesys
"Unique" = Unique
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"Vst To Rtas Adapter V2.11" = Vst To Rtas Adapter V2.11
"Waves Diamond Bundle v5.2" = Waves Diamond Bundle v5.2
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/06/2010 11:40:27 AM | Computer Name = Tyler-PC | Source = Perflib | ID = 1008
Description =

Error - 02/06/2010 11:40:27 AM | Computer Name = Tyler-PC | Source = PerfNet | ID = 2004
Description =

Error - 02/06/2010 11:40:27 AM | Computer Name = Tyler-PC | Source = PerfNet | ID = 2002
Description =

Error - 02/06/2010 11:41:52 AM | Computer Name = Tyler-PC | Source = PerfNet | ID = 2004
Description =

Error - 02/06/2010 11:41:52 AM | Computer Name = Tyler-PC | Source = PerfNet | ID = 2002
Description =

Error - 02/06/2010 11:41:52 AM | Computer Name = Tyler-PC | Source = Perflib | ID = 1010
Description =

Error - 02/06/2010 11:41:52 AM | Computer Name = Tyler-PC | Source = Perflib | ID = 1008
Description =

Error - 02/06/2010 11:43:53 AM | Computer Name = Tyler-PC | Source = PerfNet | ID = 2004
Description =

Error - 02/06/2010 11:43:53 AM | Computer Name = Tyler-PC | Source = PerfNet | ID = 2002
Description =

Error - 02/06/2010 11:50:36 AM | Computer Name = Tyler-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 30/04/2010 5:59:58 AM | Computer Name = Tyler-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01/05/2010 6:00:00 AM | Computer Name = Tyler-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02/05/2010 10:39:33 PM | Computer Name = Tyler-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 03/05/2010 6:00:01 AM | Computer Name = Tyler-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04/05/2010 5:59:58 AM | Computer Name = Tyler-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/05/2010 6:00:00 AM | Computer Name = Tyler-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 06/05/2010 6:00:01 AM | Computer Name = Tyler-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07/05/2010 5:59:58 AM | Computer Name = Tyler-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 08/05/2010 5:59:58 AM | Computer Name = Tyler-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/05/2010 2:06:15 PM | Computer Name = Tyler-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:37:04 PM on 09/05/2010 was unexpected.


< End of report >

Attached Files

  • Attached File  DDS.txt   13.96KB   1 downloads
  • Attached File  ark.txt   243.75KB   1 downloads

Edited by Durden, 02 June 2010 - 01:41 PM.
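
Two of the OTL sections above are the ones a responder reads first when a machine redirects searches and blocks Windows Update: "Shell Spawning" (is the `exefile [open]` handler still the stock `"%1" %*`, or has something wedged itself in front of every program launch?) and the two firewall "Exception List" sections (which inbound-allowed programs live in user-writable folders?). The script below is an added example, written for this page and not part of the thread, of OTL, or of BleepingComputer's own tooling. It parses those sections from OTL's plain-text format and flags both conditions. The expected handler strings, the trusted-directory prefixes, and the `example_hijack.exe` path in the tampered sample are my assumptions; the sample report is constructed from lines copied out of the log above plus that one invented line.

```python
"""Triage helper for OTL 'Shell Spawning' and firewall 'Exception List' sections.

Added example (not OTL's code, not from the thread).  Flags:
  1. executable shell verbs whose command differs from the Windows default,
     the classic 'exefile hijack' persistence trick; and
  2. inbound (dir=in) firewall allow rules whose app= path is outside
     %SystemRoot% / %ProgramFiles%, i.e. binaries in user-writable folders.
"""
import re

# Assumed Windows defaults for the executable verbs OTL prints.  scrfile's
# [install]/[config] verbs are left out because they vary by Windows version.
EXPECTED_SHELL = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

# Assumed: an inbound rule for a program under these prefixes is not a finding.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "%systemroot%\\")

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
SHELL_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")
RULE_RE = re.compile(r'^"[^"]+" = (.*)$')

# Constructed sample: lines copied from the OTL log in this thread.
OTL_REPORT = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2AD90ABD-439E-45DE-8BDC-5A12B9BAD537}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{45E8D89C-0A87-411E-9C1B-37265D62C1FD}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A37D656-13BF-4C4E-8A9B-E687CEB013A8}" = protocol=6 | dir=in | app=c:\users\tyler\downloads\utorrent.exe |
"{3CB9E552-C5FC-4EFD-A797-75F77794A2E1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{28D429A9-6864-4408-830C-B019172DEB96}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{3D2A4984-35CE-47D7-8480-07F093133B99}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"""

# Constructed: same report with an invented (hypothetical) exefile hijack.
TAMPERED_REPORT = OTL_REPORT.replace(
    r'exefile [open] -- "%1" %*',
    r'exefile [open] -- "C:\ProgramData\example_hijack.exe" "%1" %*',
)


def parse_sections(report):
    """Split an OTL report into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def tampered_shell_handlers(report):
    """Return (class, verb, actual_command) for executable verbs off the default."""
    hits = []
    for line in parse_sections(report).get("Shell Spawning", []):
        m = SHELL_RE.match(line)
        if not m:
            continue
        cls, verb, cmd = m.groups()
        cmd = re.sub(r" \([^)]*\)$", "", cmd)  # drop OTL's trailing "(Company)"
        expected = EXPECTED_SHELL.get((cls, verb))
        if expected is not None and cmd != expected:
            hits.append((cls, verb, cmd))
    return hits


def inbound_rules_outside_trusted_dirs(report):
    """Return app paths of dir=in firewall rules that live outside trusted dirs."""
    hits = set()
    for title, lines in parse_sections(report).items():
        if "Exception List" not in title:
            continue
        for line in lines:
            m = RULE_RE.match(line)
            if not m:
                continue
            fields = {}
            for part in m.group(1).split("|"):  # "k=v | k=v | ... |"
                part = part.strip()
                if "=" in part:
                    k, v = part.split("=", 1)
                    fields[k] = v
            app = fields.get("app", "").lower()
            if fields.get("dir") != "in" or app in ("", "system"):
                continue  # outbound rules and the kernel 'system' pseudo-app
            if not app.startswith(TRUSTED_PREFIXES):
                hits.add(app)
    return sorted(hits)


if __name__ == "__main__":
    print("shell hijacks:", tampered_shell_handlers(TAMPERED_REPORT))
    print("inbound from untrusted dirs:", inbound_rules_outside_trusted_dirs(OTL_REPORT))
```

Run against the log as posted, the shell check comes back empty (the handlers in this thread are stock) and the firewall check lists only the uTorrent binary in the user's Downloads folder, which is a normal P2P rule rather than evidence of the rootkit; the point of the script is to make those two checks repeatable across logs instead of eyeballing them.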



#2 Durden (Topic Starter)

  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:15 PM

Posted 02 June 2010 - 11:28 AM

EDIT: Moved to Virus, Trojan and Malware Removal Logs ~~boopme

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x91A08000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9506816 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 191.07 )
0x81E50000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x81E50000 PnpManager 3903488 bytes
0x81E50000 RAW 3903488 bytes
0x81E50000 WMIxWDM 3903488 bytes
0xA0820000 Win32k 2105344 bytes
0xA0820000 C:\Windows\System32\win32k.sys 2105344 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8B009000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8AC72000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x90C01000 C:\Windows\system32\DRIVERS\VSTDPV3.SYS 1064960 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8AE0F000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x806D8000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA4409000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x99A8F000 C:\Windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x82AA2000 C:\Windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x90D05000 C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA6CC8000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x9231B000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x82A01000 C:\Windows\system32\drivers\iastorv.sys 659456 bytes (Intel Corporation, Intel Matrix Storage Manager driver (base))
0x91257000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8280A000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8AC01000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8060E000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8AF14000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA6C7C000 C:\Windows\System32\DRIVERS\srv.sys 311296 bytes (Microsoft Corporation, Server driver)
0x82961000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x95D0D000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x91317000 C:\Windows\system32\DRIVERS\VSTBS23.SYS 294912 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x828C5000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80697000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x9243A000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x92581000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x9120A000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x95DBE000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8ADA8000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA4504000 C:\Windows\system32\DRIVERS\bdfsfltr.sys 237568 bytes (BitDefender S.R.L. Bucharest, ROMANIA, BitDefender AntiVirus FS filter driver)
0xA6C04000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8B119000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x807B8000 C:\Windows\system32\drivers\PCTCore.sys 225280 bytes (PC Tools, PC Tools KDS Core Driver)
0x92542000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x81E1D000 ACPI_HAL 208896 bytes
0x81E1D000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x912E4000 C:\Windows\system32\DRIVERS\yk60x86.sys 208896 bytes (Marvell, NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller)
0x82893000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x95D55000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x9240B000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x925C0000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8AD7D000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x9135F000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8B16B000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8291C000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xA6C55000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x82BAE000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x923D3000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x924A8000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x95C08000 C:\Windows\system32\DRIVERS\MpFilter.sys 139264 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x8B1A3000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8AF96000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x95C70000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x95CD9000 C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys 131072 bytes (BitDefender LLC, BitDefender Firewall TDI Filter Driver)
0x99A00000 C:\Windows\system32\DRIVERS\MAudioFastTrackUltra.sys 131072 bytes (Avid Technology, Inc., M-Audio USB Audio Driver (WDM))
0x8AFB7000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82B84000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x829D0000 C:\Windows\System32\Drivers\TPkd.sys 122880 bytes (PACE Anti-Piracy, Inc., InterLok system file)
0x99BC0000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8AEF9000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x99B82000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA4557000 C:\Windows\system32\drivers\bdfm.sys 106496 bytes (BitDefender S.R.L. Bucharest, ROMANIA, BitDefender BehavioralScanner Filter Driver)
0x91389000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x99BDD000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x913C1000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA6C3D000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x913DF000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x92486000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x99A41000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA453E000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x95D87000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x95CC3000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x8AF81000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x924EE000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x924DA000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x95CF9000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x95C41000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x99BAD000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x95DAB000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8B192000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x925ED000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8067E000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x82BD4000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x99A61000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x99B9D000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x829C0000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x90DC5000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x92503000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8B1EE000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x82BE4000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x99B73000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8B15A000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x82943000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x924CB000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x91248000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x82952000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x90DD5000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xA0A60000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x95D9D000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x95CAC000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x829B2000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x99A2C000 C:\Windows\System32\Drivers\RDWM1053.SYS 57344 bytes (Roland Corporation, )
0x99A82000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x90DB8000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x92535000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x82886000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x99A20000 C:\Windows\system32\DRIVERS\iLokDrvr.sys 49152 bytes (PACE Anti-Piracy, Inc., Windows USB iLok Device Driver)
0x82BA2000 C:\Windows\system32\DRIVERS\jraid.sys 49152 bytes (JMicron Technology Corp., JMicron JMB36X RAID Driver)
0xA44F1000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x95C64000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x923BC000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x90DE3000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x913B6000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x92513000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x95CA1000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x9249D000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9247B000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8B1DA000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x923C8000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x9251E000 C:\Windows\system32\DRIVERS\VClone.sys 45056 bytes (Elaborate Bytes AG, VirtualCloneCD Driver)
0x99B69000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x92577000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)
0x9252B000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x92400000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA44E7000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x90DF6000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0xA6D78000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8B1C4000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x95C2A000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x99A58000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x99A71000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xA4599000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x95CBA000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA0A40000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B1E5000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8290B000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xA4571000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x90DEE000 C:\Windows\system32\DRIVERS\ASACPI.sys 32768 bytes (-, ATK0110 ACPI Utility)
0x82B7C000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8068F000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x99A7A000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x82914000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x95C91000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x95C99000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8B152000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x95C3A000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x95C5D000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80607000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x99A3A000 C:\Windows\system32\drivers\ma_cmidi.sys 28672 bytes (M-Audio, M-Audio USB MIDI Keyboard Windows Driver)
0x95C33000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x829AB000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xA44FD000 C:\Program Files\Spyware Doctor\PCTSDInj32.sys 28672 bytes
0x913D9000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x95DFA000 C:\Windows\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xA4554000 C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys 12288 bytes (BitDefender S.R.L., BitDefender Self Protection Driver)
0x8B169000 C:\Windows\system32\DRIVERS\JGOGO.sys 8192 bytes (JMicron , SCSI Port upper filter driver)
0x92319000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 191.07 )
0x92529000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x95C00000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
!!!!!!!!!!!Hidden driver: 0x85748AEA ?_empty_? 1302 bytes
0x85748EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x862E7E28 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0x82AA2000 WARNING: suspicious driver modification [iaStor.sys::0x85748AEA]
0x82A01000 WARNING: Virus alike driver modification [iastorv.sys], 659456 bytes
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A878A, Type: Inline - RelativeJump 0x81EF878A-->81EF8791 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000AC94C, Type: Inline - RelativeJump 0x81EFC94C-->81EFC8D4 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000ACB50, Type: Inline - RelativeJump 0x81EFCB50-->81EFCBA3 [ntkrnlpa.exe]
[2324]IAAnotif.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[2324]IAAnotif.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[2324]IAAnotif.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x764E6FE7-->00000000 [unknown_code_page]
[2324]IAAnotif.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7652A9E4-->00000000 [unknown_code_page]
[2324]IAAnotif.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x764EB8A6-->00000000 [unknown_code_page]
[2324]IAAnotif.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x764F35E3-->00000000 [unknown_code_page]
[2376]jusched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[2376]jusched.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[2376]jusched.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[2376]jusched.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[2376]jusched.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[2376]jusched.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[2376]jusched.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[2376]jusched.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[2376]jusched.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[2376]jusched.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[2376]jusched.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[2376]jusched.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[2376]jusched.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[2376]jusched.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[2376]jusched.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[2376]jusched.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[2376]jusched.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[2376]jusched.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x764E6FE7-->00000000 [unknown_code_page]
[2376]jusched.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7652A9E4-->00000000 [unknown_code_page]
[2376]jusched.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x764EB8A6-->00000000 [unknown_code_page]
[2376]jusched.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x764F35E3-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x764E6FE7-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7652A9E4-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x764EB8A6-->00000000 [unknown_code_page]
[2384]VCDDaemon.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x764F35E3-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x764E6FE7-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7652A9E4-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x764EB8A6-->00000000 [unknown_code_page]
[2400]M-AudioTaskBarIcon.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x764F35E3-->00000000 [unknown_code_page]
[2416]taskeng.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[2416]taskeng.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[2416]taskeng.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[2416]taskeng.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[2416]taskeng.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[2416]taskeng.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[2416]taskeng.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[2416]taskeng.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[2416]taskeng.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[2416]taskeng.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[2416]taskeng.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[2416]taskeng.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[2416]taskeng.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[2416]taskeng.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[2416]taskeng.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[2416]taskeng.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[2416]taskeng.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[2444]firefox.exe-->mswsock.dll+0x00002671, Type: Inline - RelativeJump 0x75372671-->00000000 [unknown_code_page]
[2444]firefox.exe-->mswsock.dll+0x000027D4, Type: Inline - RelativeJump 0x753727D4-->00000000 [unknown_code_page]
[2444]firefox.exe-->mswsock.dll+0x00002995, Type: Inline - RelativeJump 0x75372995-->00000000 [unknown_code_page]
[2444]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x776D5DC8-->00000000 [unknown_code_page]
[2444]firefox.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776D4D34-->00000000 [unknown_code_page]
[2444]firefox.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x776D5674-->00000000 [unknown_code_page]
[2444]firefox.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x764E6FE7-->00000000 [unknown_code_page]
[2444]firefox.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7652A9E4-->00000000 [unknown_code_page]
[2444]firefox.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x764EB8A6-->00000000 [unknown_code_page]
[2444]firefox.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x764F35E3-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x764E6FE7-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7652A9E4-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x764EB8A6-->00000000 [unknown_code_page]
[2448]wmpnscfg.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x764F35E3-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x764E6FE7-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7652A9E4-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x764EB8A6-->00000000 [unknown_code_page]
[2700]WmiPrvSE.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x764F35E3-->00000000 [unknown_code_page]
[2780]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[2780]AppleMobileDeviceService.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[2780]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[2780]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[2780]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[2780]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[2780]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[2780]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[2780]AppleMobileDeviceService.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[2780]AppleMobileDeviceService.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[2780]AppleMobileDeviceService.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[2780]AppleMobileDeviceService.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[2780]AppleMobileDeviceService.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[2780]AppleMobileDeviceService.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[2780]AppleMobileDeviceService.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[2780]AppleMobileDeviceService.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[2780]AppleMobileDeviceService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[2812]mDNSResponder.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[2812]mDNSResponder.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[2812]mDNSResponder.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[2812]mDNSResponder.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[2812]mDNSResponder.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[2812]mDNSResponder.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[2812]mDNSResponder.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[2812]mDNSResponder.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[2812]mDNSResponder.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[2812]mDNSResponder.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[2812]mDNSResponder.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[2812]mDNSResponder.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[2812]mDNSResponder.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[2812]mDNSResponder.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[2812]mDNSResponder.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[2812]mDNSResponder.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[2812]mDNSResponder.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->advapi32.dll-->CreateServiceW, Type: IAT modification 0x0041202C-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77C8151C-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77C816D0-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77C81664-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[2836]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77C81668-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->OpenFile, Type: IAT modification 0x77C81514-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x00412060-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x00412068-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x0041205C-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x00412054-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61130-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B6119C-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B611BC-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[2836]BDTUpdateService.exe-->kernel32.dll-->CreateFileA, Type: IAT modification 0x00412074-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004120C4-->00000000 [shimeng.dll]
[2836]BDTUpdateService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[2836]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->AccessCheck, Type: IAT modification 0x768E1C04-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x768E1B34-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyW, Type: IAT modification 0x768E1CB8-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x768E1B54-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x768E1CFC-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x768E1B2C-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x768E1B30-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegSetValueW, Type: IAT modification 0x768E1B74-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->SetFileSecurityW, Type: IAT modification 0x768E1CC8-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x768E125C-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x768E1460-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x768E13B4-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[2836]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x768E13C0-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x768E130C-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x768E13B8-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->user32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x77D51550-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[2836]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->advapi32.dll-->RegCreateKeyExA, Type: IAT modification 0x71241238-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x712411B8-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->advapi32.dll-->RegDeleteValueA, Type: IAT modification 0x7124120C-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x712411BC-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x71241240-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x712411B4-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x7124123C-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x712411C0-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->CopyFileA, Type: IAT modification 0x71241290-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x71241388-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x71241384-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->DeleteFileA, Type: IAT modification 0x71241364-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x712412F8-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71241480-->00000000 [shimeng.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->MoveFileA, Type: IAT modification 0x712412C8-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->MoveFileExA, Type: IAT modification 0x712412C4-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->SetFileAttributesA, Type: IAT modification 0x712412AC-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x71241450-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->ws2_32.dll-->advapi32.dll-->RegCreateKeyExA, Type: IAT modification 0x4B0D1104-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->ws2_32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x4B0D110C-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x4B0D1114-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x4B0D1110-->00000000 [AcGenral.dll]
[2836]BDTUpdateService.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[2852]MMERefresh.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[2852]MMERefresh.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[2852]MMERefresh.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[2852]MMERefresh.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[2852]MMERefresh.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[2852]MMERefresh.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[2852]MMERefresh.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[2852]MMERefresh.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[2852]MMERefresh.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[2852]MMERefresh.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[2852]MMERefresh.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[2852]MMERefresh.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[2852]MMERefresh.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[2852]MMERefresh.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[2852]MMERefresh.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[2852]MMERefresh.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[2852]MMERefresh.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[2924]IoctlSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[2924]IoctlSvc.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[2924]IoctlSvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[2924]IoctlSvc.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[2924]IoctlSvc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[2924]IoctlSvc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[2924]IoctlSvc.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[2924]IoctlSvc.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[2924]IoctlSvc.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[2924]IoctlSvc.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[2924]IoctlSvc.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[2924]IoctlSvc.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[2924]IoctlSvc.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[2924]IoctlSvc.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[2924]IoctlSvc.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[2924]IoctlSvc.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[2924]IoctlSvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[3028]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[3028]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[3028]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[3028]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[3028]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[3028]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[3028]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[3028]svchost.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[3028]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[3028]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[3028]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[3028]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[3028]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[3028]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[3028]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[3028]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[3028]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[3148]AAWTray.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[3148]AAWTray.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x764E6FE7-->00000000 [unknown_code_page]
[3148]AAWTray.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7652A9E4-->00000000 [unknown_code_page]
[3148]AAWTray.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x764EB8A6-->00000000 [unknown_code_page]
[3148]AAWTray.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x764F35E3-->00000000 [unknown_code_page]
[3168]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[3168]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[3168]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[3168]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[3168]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[3168]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[3168]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[3168]svchost.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[3168]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[3168]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[3168]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[3168]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[3168]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[3168]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[3168]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[3168]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[3168]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[3220]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[3220]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[3220]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[3220]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[3220]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[3220]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[3220]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[3220]svchost.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[3220]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[3220]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[3220]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[3220]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[3220]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[3220]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[3220]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[3220]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[3220]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[3324]IAANTmon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[3324]IAANTmon.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[3324]IAANTmon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[3324]IAANTmon.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[3324]IAANTmon.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[3324]IAANTmon.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[3324]IAANTmon.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[3324]IAANTmon.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[3324]IAANTmon.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[3324]IAANTmon.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[3324]IAANTmon.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[3324]IAANTmon.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[3324]IAANTmon.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[3324]IAANTmon.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[3324]IAANTmon.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[3324]IAANTmon.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[3324]IAANTmon.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[3888]seccenter.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[3888]seccenter.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[3888]seccenter.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[3888]seccenter.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[3888]seccenter.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[3888]seccenter.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[3888]seccenter.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[3888]seccenter.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[3888]seccenter.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[3888]seccenter.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[3888]seccenter.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[3888]seccenter.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[3888]seccenter.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[3888]seccenter.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[3888]seccenter.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[3888]seccenter.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[3888]seccenter.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[3888]seccenter.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x764E6FE7-->00000000 [unknown_code_page]
[3888]seccenter.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7652A9E4-->00000000 [unknown_code_page]
[3888]seccenter.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x764EB8A6-->00000000 [unknown_code_page]
[3888]seccenter.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x764F35E3-->00000000 [unknown_code_page]
[608]unsecapp.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[608]unsecapp.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[608]unsecapp.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[608]unsecapp.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[608]unsecapp.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[608]unsecapp.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[608]unsecapp.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[608]unsecapp.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[608]unsecapp.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[608]unsecapp.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[608]unsecapp.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[608]unsecapp.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[608]unsecapp.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[608]unsecapp.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[608]unsecapp.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[608]unsecapp.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[608]unsecapp.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[608]unsecapp.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x764E6FE7-->00000000 [unknown_code_page]
[608]unsecapp.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7652A9E4-->00000000 [unknown_code_page]
[608]unsecapp.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x764EB8A6-->00000000 [unknown_code_page]
[608]unsecapp.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x764F35E3-->00000000 [unknown_code_page]
[664]csrss.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[664]csrss.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[664]csrss.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[664]csrss.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[664]csrss.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[664]csrss.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[664]csrss.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[664]csrss.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[664]csrss.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[664]csrss.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[664]csrss.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[664]csrss.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[664]csrss.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[664]csrss.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[664]csrss.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[664]csrss.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[664]csrss.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[708]wininit.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[708]wininit.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[708]wininit.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[708]wininit.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[708]wininit.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[708]wininit.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[708]wininit.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[708]wininit.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[708]wininit.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[708]wininit.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[708]wininit.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[708]wininit.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[708]wininit.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[708]wininit.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[708]wininit.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[708]wininit.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[708]wininit.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[724]csrss.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[724]csrss.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[724]csrss.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[724]csrss.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[724]csrss.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[724]csrss.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[724]csrss.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[724]csrss.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[724]csrss.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[724]csrss.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[724]csrss.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[724]csrss.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[724]csrss.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[724]csrss.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[724]csrss.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[724]csrss.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[724]csrss.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[760]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[760]services.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[760]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[760]services.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[760]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[760]services.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[760]services.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[760]services.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[760]services.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[760]services.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[760]services.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[760]services.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[760]services.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[760]services.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[760]services.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[760]services.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[760]services.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[784]lsm.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[940]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x776D4314-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x776D4414-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x776D4494-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x776D44A4-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x776D44C4-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x776D5804-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x776D47C4-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x776D47F4-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x776D50C4-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x776D52E4-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x776D5644-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x776D5654-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x776D5674-->00000000 [unknown_code_page]

Edited by boopme, 02 June 2010 - 11:51 AM.
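The hook listing above is the tail of the RKUnhooker report Durden posted: the same ntdll exports (NtCreateFile, NtSetValueKey, NtTerminateProcess and so on) are patched with an inline DirectJump whose destination is 00000000 / unknown_code_page, and the same patch appears at the same address in lsm.exe, svchost.exe and nvvsvc.exe. The Python below is an added example, not part of the original thread and not RKUnhooker's own code: it parses lines in that report format and produces the summary a responder wants before deciding what to run next, namely which exports are hooked in every process, whether each hook lands in memory the scanner could attribute to a module, and what the hooked set would let an implant do. The sample lines are constructed in the report's format, and the tamper classification is the example's own heuristic.

```python
"""Summarise user-mode inline hooks from an RKUnhooker-style report."""
import re
from collections import defaultdict

# One report line per hooked export:
#   [pid]process-->module-->Function, Type: <hook type> 0xSRC-->DST [target]
HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<proc>.+?)-->(?P<mod>.+?)-->(?P<func>\w+), "
    r"Type: (?P<type>.+?) (?P<src>0x[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) "
    r"\[(?P<target>[^\]]+)\]$"
)

# Heuristic grouping of hooked exports by what intercepting them lets a
# rootkit do. This classification is the example's own, not RKUnhooker's.
TAMPER_CLASS = {
    "NtCreateFile": "file I/O", "NtWriteFile": "file I/O",
    "NtWriteFileGather": "file I/O", "NtSetInformationFile": "file I/O",
    "NtCreateKey": "registry", "NtSetValueKey": "registry",
    "NtDeleteKey": "registry", "NtDeleteValueKey": "registry",
    "NtRenameKey": "registry",
    "NtCreateProcess": "process creation", "NtCreateProcessEx": "process creation",
    "NtCreateUserProcess": "process creation",
    "NtCreateSection": "image loading", "LoadLibraryExW": "image loading",
    "NtWriteVirtualMemory": "memory injection",
    "NtTerminateProcess": "self-protection",
}

# Constructed sample in the report's format. Only svchost.exe carries the
# kernel32 LoadLibraryExW hook; the three ntdll hooks appear in every process.
SAMPLE = """\
[784]lsm.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[784]lsm.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[940]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x77479109-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[940]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x776D43D4-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x776D5454-->00000000 [unknown_code_page]
[992]nvvsvc.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x776D54F4-->00000000 [unknown_code_page]
this line is not a hook entry and is ignored
"""


def parse_hooks(text):
    """Return one dict per hook line; lines that do not match are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["src"] = int(h["src"], 16)
        h["dst"] = int(h["dst"], 16)
        hooks.append(h)
    return hooks


def summarize(hooks):
    """Cross-process view of the hooks: what is patched everywhere, and where to."""
    per_proc = defaultdict(set)      # (pid, name) -> {(module, export)}
    src_by_func = defaultdict(set)   # (module, export) -> {patched address}
    caps = defaultdict(set)          # tamper class -> {export}
    for h in hooks:
        per_proc[(h["pid"], h["proc"])].add((h["mod"], h["func"]))
        src_by_func[(h["mod"], h["func"])].add(h["src"])
        caps[TAMPER_CLASS.get(h["func"], "other")].add(h["func"])
    common = set.intersection(*per_proc.values()) if per_proc else set()
    # A jump to address 0 or to a page the scanner could not map cannot be
    # attributed to any loaded module, so the hook owner is hidden from user mode.
    unresolved = sum(1 for h in hooks
                     if h["dst"] == 0 or h["target"] == "unknown_code_page")
    return {
        "processes": len(per_proc),
        "hooked_in_all": sorted(common),
        # The same export patched at the same address in every process points
        # to one injector acting system-wide, not to a single tampered process.
        "system_wide": (len(per_proc) > 1 and bool(common)
                        and all(len(src_by_func[f]) == 1 for f in common)),
        "unresolved": unresolved,
        "capabilities": {k: sorted(v) for k, v in caps.items()},
    }


if __name__ == "__main__":
    for key, value in summarize(parse_hooks(SAMPLE)).items():
        print(f"{key}: {value}")
```

Run over the real listing, every process carries the same hooks at the same ntdll addresses and none of the jump destinations can be resolved. A result like that is exactly why the helper moves on to tools that look at the kernel and the disk (ComboFix and, as it turned out, TDSSKiller) instead of trusting any scan run from inside the hooked user session.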


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:15 PM

Posted 04 June 2010 - 03:57 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
    1. Please do not run any other tool until instructed to do so!
    2. Please reply to this thread, do not start another!
    3. Please tell me about any problems that have occurred during the fix.
    4. Please tell me of any other symptoms you may be having as these can help also.
    5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

:run combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log From Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 Durden


Posted 05 June 2010 - 12:41 AM

Hello Gringo..

Attached is the Combofix.txt

A friend had come by after my initial posting and ran tdsskiller on my computer, and it deleted one file.. That had cured the symptoms I had mentioned earlier..
Some other things that happened a couple times:

A new tab would open and direct to a google.com/(something) page, it looked like a normal google page, I forgot to write down the actual site name..

I had some Host Processes for Windows service stop working

There was one time I had a pop up window that said My computer was infected with Malware, and to hit okay to scan, when I closed it, a website would open and show it scanning my computer..

Anyway since tdsskiller, I haven't had any of those problems, and I was finally able to get the Windows Updates. ComboFix said it deleted another .dll file, as you can see..

Thank you for your response, and here's hoping that it's fixed now..




#5 gringo_pr

Posted 05 June 2010 - 01:12 AM

Greetings

Looks pretty good but let's make sure nothing is hiding.

Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go to the Eset web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. Log From ESET Online Scanner
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo



#6 Durden


Posted 06 June 2010 - 02:02 PM

The first time I ran ESET it said it found two infected files, I chose the uninstall on close option, and it deleted my log file. I reinstalled, and ran it a second time, and this time it found nothing...

MBAM also ran clean..

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=456a4f066b56cf44b7a1d9580143d657
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-06-06 07:45:42
# local_time=2010-06-06 12:45:42 (-0800, Pacific Daylight Time)
# country="Canada"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=2050 16776637 100 99 0 267888599 0 0
# compatibility_mode=5892 16776573 100 100 0 112412615 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=252480
# found=0
# cleaned=0
# scan_time=5254


Also, if that scan_time means 52:54, that seems a lot quicker than the first run through of ESET.. It took closer to 1.5 hrs the first time... It was at 99% finished for about 30 min..

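The "# key=value" header Durden pasted records the options the scan actually ran with, and one of them differs from the instructions in the previous post: it shows archives_checked=false, while Scan Archives was to be ticked. The Python below is an added example, not part of the original thread and not ESET's tooling: it parses a header in that format, compares the recorded options with the settings that were asked for, and reports the outcome fields. The sample header is constructed in the log's format and mirrors that mismatch; scan_time is assumed to be in seconds, which the log itself does not state.

```python
"""Check an ESET Online Scanner log header against the settings a helper asked for."""

# Options requested in the scan instructions above (log key -> expected value).
EXPECTED = {
    "remove_checked": "false",      # "Remove found threats" unticked
    "archives_checked": "true",     # "Scan Archives" ticked
    "unwanted_checked": "true",     # potentially unwanted applications ticked
    "unsafe_checked": "true",       # potentially unsafe applications ticked
    "antistealth_checked": "true",  # Anti-Stealth Technology ticked
}

# Constructed header in the log's format; archives_checked deliberately
# contradicts the instructions, as in the header pasted above.
SAMPLE = """\
ESETSmartInstaller@High as CAB hook log:
# version=7
# api_version=3.0.2
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=2050 16776637 100 99 0 267888599 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=252480
# found=0
# cleaned=0
# scan_time=5254
"""


def parse_header(text):
    """Collect '# key=value' lines; a repeated key keeps every value, in order."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("#") or "=" not in line:
            continue
        key, _, value = line[1:].strip().partition("=")
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts


def first(opts, key, default=None):
    """First recorded value for a key, or the default when the key is absent."""
    return opts.get(key, [default])[0]


def check_settings(opts, expected=EXPECTED):
    """Return {key: (wanted, actual)} for each requested option not in effect."""
    return {key: (want, first(opts, key))
            for key, want in expected.items() if first(opts, key) != want}


def fmt_duration(seconds):
    """Render a duration as HhMMmSSs; the log's unit is assumed to be seconds."""
    hours, rem = divmod(int(seconds), 3600)
    minutes, secs = divmod(rem, 60)
    return f"{hours}h{minutes:02d}m{secs:02d}s"


def verdict(text):
    """Outcome of one scan: completion, counts, duration and setting mismatches."""
    opts = parse_header(text)
    return {
        "finished": first(opts, "end") == "finished",
        "found": int(first(opts, "found", 0)),
        "cleaned": int(first(opts, "cleaned", 0)),
        "scan_time": fmt_duration(first(opts, "scan_time", 0)),
        "mismatches": check_settings(opts),
    }


if __name__ == "__main__":
    for key, value in verdict(SAMPLE).items():
        print(f"{key}: {value}")
```

A clean result with a setting mismatch is not the same as a clean result: a scan that skipped archives has not looked inside the containers where a dropper is often stored, so the practical response is to re-run with the requested options before treating "found=0" as a clean bill.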



#7 gringo_pr

Posted 06 June 2010 - 02:59 PM

Greetings Durden

Very well done!! This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are.

The Online scan is only reporting backups created during the course of this fix, and items located in C:\System Volume Information\, which is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache shortly.

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

:DeFogger:
    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • choose your root drive (normally C:)
  • after it calculates how much space you will save it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • go back to the disk clean up tab
  • put a checkmark in all - except compress old files (leave this unchecked)
  • click Ok then click yes
This will remove all restore points except the new one you just created and clean unneeded files

:Make your Internet Explorer more secure:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

:Turn On Automatic Updates:
    Turn On Automatic Updates
    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

please read this great article by miekiemoes How to prevent Malware:
and
this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here:

Gringo

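The five Custom Level settings in the "Make your Internet Explorer more secure" steps above are stored as DWORD values under the current user's Internet zone key, so the change can be verified from the registry instead of by eye. The Python below is an added example, not part of the original thread: it audits a snapshot of zone 3 against those five recommendations and produces the corrected snapshot. The value IDs are the documented Internet Explorer zone-policy IDs (Microsoft KB 182569) and the registry path is the standard per-user zone key; the WEAK_ZONE snapshot is constructed for the example. read_zone_from_registry needs Windows (it uses winreg); the audit itself runs anywhere.

```python
"""Audit Internet Explorer's Internet zone (zone 3) against the hardening steps above."""

ENABLE, PROMPT, DISABLE = 0, 1, 3          # meaning of the zone-policy DWORD values
STRICTNESS = {ENABLE: 0, PROMPT: 1, DISABLE: 2}

# Zone-policy value IDs (Microsoft KB 182569) for the five settings the post
# changes, with the value the post recommends for each.
RECOMMENDED = {
    1001: ("Download signed ActiveX controls", PROMPT),
    1004: ("Download unsigned ActiveX controls", DISABLE),
    1201: ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    1800: ("Installation of desktop items", PROMPT),
    1804: ("Launching programs and files in an IFRAME", PROMPT),
}

ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Constructed snapshot with every setting at its most permissive value.
WEAK_ZONE = {1001: ENABLE, 1004: ENABLE, 1201: ENABLE, 1800: ENABLE, 1804: ENABLE}


def read_zone_from_registry():
    """Read the live zone-3 values for the current user (Windows only)."""
    import winreg  # imported here so the rest of the module runs elsewhere
    zone = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for value_id in RECOMMENDED:
            try:
                zone[value_id] = winreg.QueryValueEx(key, str(value_id))[0]
            except FileNotFoundError:
                zone[value_id] = None  # not set per user; reported as a finding
    return zone


def audit(zone):
    """Return (id, name, current, recommended) for each setting that is
    missing or more permissive than the recommendation. A stricter setting
    (for example Disable where Prompt is recommended) is not a finding."""
    findings = []
    for value_id, (name, want) in RECOMMENDED.items():
        have = zone.get(value_id)
        if have not in STRICTNESS or STRICTNESS[have] < STRICTNESS[want]:
            findings.append((value_id, name, have, want))
    return findings


def harden(zone):
    """Return a copy of the snapshot with every recommended value applied."""
    fixed = dict(zone)
    for value_id, (_, want) in RECOMMENDED.items():
        fixed[value_id] = want
    return fixed


if __name__ == "__main__":
    for value_id, name, have, want in audit(WEAK_ZONE):
        print(f"{value_id} {name}: is {have}, recommended {want}")
    print("after hardening:", audit(harden(WEAK_ZONE)))
```

Writing the corrected values back is a one-line winreg.SetValueEx per entry under the same key, but it is left out here on purpose: on a machine that was just cleaned, the point of the audit is to confirm what the Custom Level dialog actually saved, and a value that keeps reverting after you set it is itself worth reporting in the thread.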

#8 Durden


Posted 07 June 2010 - 10:42 AM

Hi Gringo..

Everything looks good here..

There is one small thing, after running ESET, when I first opened Firefox, I had an ASK.com search bar on my browser, and when I opened IE there was a search bar on that menu too.. I haven't installed anything other than what I have been asked to since starting this procedure with you.. Is this normal, or is there something else going on?

Thank you for your help..
Tyler

#9 gringo_pr

Posted 07 June 2010 - 02:24 PM

Greetings

just go into add/remove programs and remove anything that says ask or toolbar, like foxittoolbar


gringo

#10 gringo_pr

Posted 11 June 2010 - 03:19 AM

Since the issue is resolved, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo




