RKU and MBAM done.
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF733E000 btkrnl.sys 1245184 bytes (WIDCOMM, Inc., Bluetooth Protocol Driver for Windows 2000)
0xF5E6C000 C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF5DC4000 C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF7488000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBAC8B000 C:\WINDOWS\System32\DRIVERS\HSF_V124.sys 491520 bytes (Conexant, V124NT driver)
0xF5CE0000 C:\WINDOWS\system32\drivers\smwdm.sys 479232 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xEC171000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBADED000 C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys 393216 bytes (Conexant, K56NT driver)
0xF5C36000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xBF9D6000 C:\WINDOWS\System32\ati2dvaa.dll 380928 bytes (ATI Technologies Inc., ATI RAGE 128 WindowsNT Display Driver)
0xF5D69000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 372736 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xEC299000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBAD6E000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF5FFC000 C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys 327680 bytes (ATI Technologies Inc., ATI RAGE 128 Miniport Driver)
0xBAEBA000 C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys 290816 bytes (Conexant, Fallback driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBA707000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF5BFB000 C:\WINDOWS\system32\DRIVERS\NWADIenum.sys 241664 bytes (Novatel Wireless Inc, NWADI Interface Bus Enumerator)
0xF5F8E000 C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xBAF01000 C:\WINDOWS\system32\drivers\btslbcsp.sys 204800 bytes (WIDCOMM, Inc., Bluetooth Serial Driver for Windows 2000)
0xBAD3D000 C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys 200704 bytes (Conexant, FaxNT driver)
0xF7614000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF75D5000 SSIDRV.SYS 188416 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Interdiction Driver)
0xBAF5B000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF75A8000 C:\WINDOWS\SYSTEM32\Drivers\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB9EC9000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEC209000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEC256000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xEC0AB000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9EF4000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF5CBC000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF5FC4000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF5F6B000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEC234000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7551000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7589000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xBAE9D000 C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys 118784 bytes (Conexant, FSKsNT driver)
0xEC27E000 C:\WINDOWS\system32\drivers\pwipf6.sys 110592 bytes (Privacyware/PWI, Inc., pwipf6)
0xF746E000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7571000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7528000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5CA5000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xBA9F6000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF5D55000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF5FE8000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEC2F2000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7515000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF9C4000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBAD2B000 C:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys 73728 bytes (Conexant, SpkpNT driver)
0xF753F000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7603000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5C94000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF5AC0000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF78A3000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7883000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF78D3000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF78B3000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF7843000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF174E000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF76C3000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF77B3000 C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys 53248 bytes (Conexant, TonesNT driver)
0xF7893000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7703000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF76A3000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF6773000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76D3000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF50F1000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF78C3000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7693000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF6783000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7683000 ssfs0bbc.sys 45056 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper FileSystem Filter Driver)
0xF7663000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF176E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF6753000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF76B3000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA860000 C:\WINDOWS\system32\FsUsbExDisk.SYS 36864 bytes
0xF50D1000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7863000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7873000 C:\WINDOWS\system32\DRIVERS\LNE100V5.sys 36864 bytes (LinkSys Group Inc., Linksys LNE100TX(v5) Fast Ethernet Adapter NDIS5 Driver)
0xF6763000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF5121000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA020000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7673000 SSHRMD.SYS 36864 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Mini Driver)
0xF50E1000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF790B000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF3AF8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7943000 C:\WINDOWS\system32\DRIVERS\pctnullport.sys 32768 bytes (PCTEL Inc., Null-modem emulator)
0xF792B000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7913000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF4DDB000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF78EB000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF794B000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xEC6F6000 C:\WINDOWS\system32\drivers\btserial.sys 24576 bytes
0xF791B000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7953000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7A6B000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF3B08000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF3B18000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF3B00000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78F3000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7923000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF793B000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF3AF0000 C:\WINDOWS\System32\Drivers\tcpipBM.SYS 20480 bytes (Bytemobile, Inc., Bytemobile Kernel Network Provider)
0xF78E3000 C:\WINDOWS\SYSTEM32\Drivers\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF4DBB000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF3A30000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xBA7A0000 C:\WINDOWS\system32\GTNDIS5.SYS 16384 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 Protocol Driver)
0xF3FF6000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7AF3000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF3A2C000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7306000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7A73000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF5BE7000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF3A38000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBAFF0000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF3A34000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF72FA000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF3D32000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 12288 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF3D4E000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF3D46000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7B97000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF7BEF000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7BED000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B63000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7BF1000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF10BF000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7BF3000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B9B000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF7B99000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF7B9F000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF1D64000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B65000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C6B000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7D1A000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF3A49000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7C2B000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7C6A000 C:\WINDOWS\system32\drivers\SENSUPGD.SYS 4096 bytes (Sensaura Ltd, Sensaura Upgrade)
0x86A850D0 unknown_irp_handler 3888 bytes
0x86A4F0D0 unknown_irp_handler 3888 bytes
0x86A510D8 unknown_irp_handler 3880 bytes
0x86A6E0F0 unknown_irp_handler 3856 bytes
0x86B820F0 unknown_irp_handler 3856 bytes
0x86A140F8 unknown_irp_handler 3848 bytes
0x86B9A108 unknown_irp_handler 3832 bytes
0x86D5C110 unknown_irp_handler 3824 bytes
0x86BD3120 unknown_irp_handler 3808 bytes
0x86BB4190 unknown_irp_handler 3696 bytes
0x86A4C1D0 unknown_irp_handler 3632 bytes
0x86B4A268 unknown_irp_handler 3480 bytes
0x86A522C0 unknown_irp_handler 3392 bytes
0x86AE62F8 unknown_irp_handler 3336 bytes
0x86C1B3B8 unknown_irp_handler 3144 bytes
0x86BD44C8 unknown_irp_handler 2872 bytes
0x86BF75C8 unknown_irp_handler 2616 bytes
0x86BC46E0 unknown_irp_handler 2336 bytes
0x86DF0748 unknown_irp_handler 2232 bytes
0x86D50848 unknown_irp_handler 1976 bytes
0x86A42900 unknown_irp_handler 1792 bytes
0x86B209C0 unknown_irp_handler 1600 bytes
0x86A40A08 unknown_irp_handler 1528 bytes
0x86E13A30 unknown_irp_handler 1488 bytes
!!!!!!!!!!!Hidden driver: 0x86EC9AEA ?_empty_? 1302 bytes
0x86A5EBC8 unknown_irp_handler 1080 bytes
0x86BCAC88 unknown_irp_handler 888 bytes
0x86B08C90 unknown_irp_handler 880 bytes
0x86EC9D01 unknown_irp_handler 767 bytes
!!!!!!!!!!!Hidden driver: 0x86F412F0 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF7571000 WARNING: suspicious driver modification [atapi.sys::0x86EC9AEA]
0x05DA0000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 1077248 bytes
0x05D40000 Hidden Image-->System.ServiceProcess.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 126976 bytes
0x0E740000 Hidden Image-->System.EnterpriseServices.Wrapper.dll [ EPROCESS 0x86B47DA0 ] PID: 3444, 126976 bytes
0x0E440000 Hidden Image-->System.Runtime.Serialization.Formatters.Soap.dll [ EPROCESS 0x86B47DA0 ] PID: 3444, 143360 bytes
0x035E0000 Hidden Image-->System.XML.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 2060288 bytes
0x04970000 Hidden Image-->System.EnterpriseServices.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 266240 bytes
0x046A0000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 270336 bytes
0x09390000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x86B47DA0 ] PID: 3444, 270336 bytes
0x06150000 Hidden Image-->log4net.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 282624 bytes
0x04370000 Hidden Image-->System.Data.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 2961408 bytes
0x08ED0000 Hidden Image-->System.Data.dll [ EPROCESS 0x86B47DA0 ] PID: 3444, 2961408 bytes
0x05420000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 307200 bytes
0x03810000 Hidden Image-->System.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 3158016 bytes
0xF7673000 WARNING: Virus alike driver modification [SSHRMD.SYS], 36864 bytes
0x06D10000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 421888 bytes
0x03570000 Hidden Image-->System.configuration.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 438272 bytes
0x012D0000 Hidden Image-->Intuit.Spc.Foundations.Portability.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 471040 bytes
0x04790000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 479232 bytes
0x067A0000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 479232 bytes
0x05670000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 5033984 bytes
0x06F50000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x86B47DA0 ] PID: 3444, 5033984 bytes
0x01240000 Hidden Image-->Intuit.Spc.Foundations.Primary.Logging.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 53248 bytes
0x05BC0000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 634880 bytes
0x01280000 Hidden Image-->Intuit.Spc.Foundations.Primary.ExceptionHandling.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 77824 bytes
0x042A0000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x86ADCB10 ] PID: 1896, 778240 bytes
0x07590000 Hidden Image-->System.Web.Services.dll [ EPROCESS 0x86B47DA0 ] PID: 3444, 847872 bytes
0x034E0000 Hidden Image-->Intuit.Spc.Foundations.Primary.Config.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 86016 bytes
0x06600000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x86ADCB10 ] PID: 1896, 872448 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
==============================================
>Hooks
==============================================
IDT-->Int B4h-->Unexpected Interrupt, Type: IDT modification[86A42DD4] [unknown_irp_handler]
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B774, Type: Inline - RelativeCall 0x804E2774-->C0D5258A [unknown_code_page]
ntoskrnl.exe+0x0000B9A0, Type: Inline - RelativeJump 0x804E29A0-->804E2971 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B9F0, Type: Inline - RelativeJump 0x804E29F0-->804E2983 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BA48, Type: Inline - RelativeJump 0x804E2A48-->804E2A3F [ntoskrnl.exe]
ntoskrnl.exe+0x0000BA94, Type: Inline - RelativeJump 0x804E2A94-->804E2A77 [ntoskrnl.exe]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xEC2D8460-->86F7CAF8 [unknown_code_page]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xF50E6B1C-->86F7CA00 [unknown_code_page]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF50E6B28-->86F7CAF8 [unknown_code_page]
[1056]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1056]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1056]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1056]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1056]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1056]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1056]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1056]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1056]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[1148]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1148]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1148]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1148]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1148]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1148]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1148]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1296]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1296]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1296]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1296]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1296]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1296]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1380]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1380]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1380]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1380]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1380]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1380]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1520]logonui.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1520]logonui.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1520]logonui.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1520]logonui.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1520]logonui.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1520]logonui.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1700]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1700]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1700]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1700]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1700]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1700]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1744]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1744]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1744]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1744]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1744]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1744]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1792]WLService.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1792]WLService.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1792]WLService.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1792]WLService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1792]WLService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1792]WLService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1924]jqs.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1924]jqs.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1924]jqs.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1924]jqs.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1924]jqs.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1924]jqs.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[2020]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[2020]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[2020]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[2020]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[2020]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[2020]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[2060]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2060]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[2060]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[2060]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[2060]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2060]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[2060]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[2060]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[2060]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[2060]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[2060]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[2060]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[2060]iexplore.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2060]iexplore.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2060]iexplore.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2060]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2060]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2060]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2060]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2060]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[2060]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[2060]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[2060]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[2060]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E42B3C6-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2060]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[2060]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[2060]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[2060]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [ieframe.dll]
[2276]explorer.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2276]explorer.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[2276]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2276]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[2276]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2276]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2276]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2276]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2276]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2276]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2276]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2276]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2356]alg.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[2356]alg.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[2356]alg.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[2356]alg.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[2356]alg.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[2356]alg.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[2356]alg.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[3084]jusched.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[3084]jusched.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[3084]jusched.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[3084]jusched.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[3084]jusched.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[3084]jusched.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[3160]SSU.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [SSU.exe]
[3160]SSU.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[3160]SSU.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[3160]SSU.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[3160]SSU.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[3160]SSU.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [SSU.exe]
[3160]SSU.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[3160]SSU.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [SSU.exe]
[3160]SSU.exe-->kernel32.dll-->VirtualFree, Type: Inline - RelativeJump 0x7C809B84-->00000000 [SSU.exe]
[3160]SSU.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [SSU.exe]
[3160]SSU.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E485-->00000000 [SSU.exe]
[3160]SSU.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[3444]SpySweeperUI.exe-->kernel32.dll+0x000106F1, Type: Inline - RelativeJump 0x7C8106F1-->00000000 [kernel32.dll]
[3748]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3748]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[3748]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[3748]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[3748]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3748]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[3748]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[3748]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[3748]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[3748]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[3748]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[3748]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[3748]iexplore.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3748]iexplore.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3748]iexplore.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3748]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3748]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3748]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3748]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3748]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[3748]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[3748]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[3748]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[3748]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[3748]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[3748]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[3748]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[3748]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[3748]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3748]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[3748]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[3748]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[3748]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[3748]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[3748]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[3748]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[3844]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[3844]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[3844]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[3844]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[3844]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[3844]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[3844]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[672]winlogon.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[672]winlogon.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[672]winlogon.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[672]winlogon.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[672]winlogon.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[672]winlogon.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[720]services.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[720]services.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[720]services.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[720]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[720]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[720]services.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[732]lsass.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[732]lsass.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[732]lsass.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[732]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[732]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[732]lsass.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[900]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[900]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[900]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[900]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[900]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[900]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[988]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[988]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[988]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[988]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[988]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[988]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/23/2010 5:21:16 AM
mbam-log-2010-06-23 (05-21-16).txt
Scan type: Quick scan
Objects scanned: 137115
Time elapsed: 17 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\skassjha (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\thrjkeqo (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\skassjha (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\thrjkeqo (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Ken\Local Settings\Temp\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.