Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please help remove Malware from my PC

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Please help remove Malware from my PC

Unread postby deltalima » November 4th, 2010, 6:53 am

Hi strelok31,

Please be careful and don't ask me to install and run these kind of programs that crash my PC.


To diagnose the problem with your computer it is necessary to run certain tools that dig deep into the operating system. Occasionally these may interact with any potential infection to cause system instability. Without running these tools then I cannot attempt to fix the computer.

If you wish to continue then please run the following scan, if not then please let me know so that the thread can be closed.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 4th, 2010, 12:07 pm

Hello,

I have already provided you a lot of log outputs. Is it enough to see the issue or you still can't see it? I just don't want to make my PC unstable. Are these tools safe to use? Will there be any damage to my PC when I run these scans? This are no Spyware in these tools, right?

Strelok.
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby deltalima » November 4th, 2010, 2:22 pm

Hi strelok31,

I have already provided you a lot of log outputs.


I will only ask for information that I need.

Is it enough to see the issue or you still can't see it?


No.

I just don't want to make my PC unstable.


You have asked for help with a malware problem, I am trying to make the situation better.

Are these tools safe to use?


Mostly, yes.

Will there be any damage to my PC when I run these scans?


Unlikely with the scans, however in an earlier post I stated –

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

This are no Spyware in these tools, right?


Correct.

Please let me know how you wish to proceed.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 6th, 2010, 12:32 pm

Hi deltalima

I appreciate your help with my issue. I am running the scan right now.

Thanks,
strelok31
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 6th, 2010, 9:55 pm

Hi deltalima,

Here is the log file generated by RKUnHooker

The file has too many characters, more than 100000 characters. So I will attach the file instead of putting the contents in the message.

Thanks,
Ilya
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 6th, 2010, 9:59 pm

Hi deltalima,

Here is the log file generated by RKUnHooker in parts.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #4
==============================================
>Drivers
==============================================
0x8F20D000 C:\Windows\system32\DRIVERS\atikmdag.sys 7741440 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x8263F000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8263F000 PnpManager 3907584 bytes
0x8263F000 RAW 3907584 bytes
0x8263F000 WMIxWDM 3907584 bytes
0xA5210000 Win32k 2105344 bytes
0xA5210000 C:\Windows\System32\win32k.sys 2105344 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x98200000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101106.003\NAVEX15.SYS 1368064 bytes (Symantec Corporation, AV Engine)
0x94600000 C:\Windows\system32\CTEXFIFX.DLL 1339392 bytes (Creative Technology Ltd., Creative XFi Effects)
0x8FCD0000 C:\Windows\system32\drivers\ha20x2k.sys 1191936 bytes (Creative Technology Ltd, Creative 20X HAL (WDM))
0x8AC06000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x8A801000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8AA07000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x804CC000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xB34F0000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8AB0B000 C:\Windows\System32\Drivers\dump_iaStor.sys 819200 bytes
0x8A603000 C:\Windows\system32\drivers\iastor.sys 819200 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xAA201000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8FA01000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8FABF000 C:\Windows\system32\DRIVERS\bcmwl6.sys 548864 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x8F96F000 C:\Windows\system32\drivers\ctaud2k.sys 520192 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0x80600000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8A72D000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xAA35E000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9C437000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 430080 bytes (Symantec Corporation, SPBBC Driver)
0x80412000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x9C4E6000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB34A2000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x80757000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x9838E000 C:\Windows\System32\Drivers\SRTSP.SYS 299008 bytes (Symantec Corporation, Symantec AutoProtect)
0x94277000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806BB000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8048B000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x807B1000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x94747000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x8FB8B000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x9C4A0000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8FB45000 C:\Windows\system32\DRIVERS\e1e6032.sys 241664 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver)
0x8A937000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0xB342A000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A6DB000 C:\Windows\system32\drivers\PCTCore.sys 233472 bytes (PC Tools, PC Tools KDS Core Driver)
0x8AD15000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8FC4C000 C:\Windows\system32\DRIVERS\teefer2.sys 221184 bytes (Symantec Corporation, Symantec CMC Firewall Teefer2)
0x8A99B000 C:\Windows\system32\drivers\ctoss2k.sys 217088 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0x8FC9B000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8260C000 ACPI_HAL 208896 bytes
0x8260C000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x80689000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x942BF000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x9420D000 C:\Windows\system32\drivers\emupia2k.sys 196608 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0x8A7B6000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x94398000 C:\Windows\System32\Drivers\SYMTDI.SYS 188416 bytes (Symantec Corporation, Network Dispatch Driver)
0x8ABD3000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x94328000 C:\Windows\system32\CT20XUT.DLL 180224 bytes (Creative Technology Ltd., Creative 20X Utility Effects)
0x8A90C000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8A971000 C:\Windows\system32\drivers\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA2C0000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9424E000 C:\Windows\system32\drivers\ctsfm2k.sys 167936 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
0xB35CE000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x98366000 C:\Windows\system32\drivers\WpsHelper.sys 163840 bytes (Symantec Corporation, Symantec Intrusion Detection - WpsHelper)
0x8AD65000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x80712000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB347B000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8FBD8000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x94D59000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x805AC000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8AD9D000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x94DD7000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9C5D2000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB340B000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9C544000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xAA3CB000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x9C41A000 C:\Windows\SYSTEM32\Drivers\SysPlant.sys 118784 bytes (Symantec Corporation, Symantec CMC Firewall SysPlant)
0x8AAF0000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9C59E000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9C5B9000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8A79E000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB3463000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x9C561000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8A7E4000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9436B000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x94C0A000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x942F1000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x94382000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x94313000 C:\Windows\system32\CTHWIUT.DLL 86016 bytes (Creative Technology Ltd., Creative Utility Effects)
0xAA3E8000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8FC0A000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xAA30F000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x9834E000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101106.003\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x805DE000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x943DD000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0xAA2F4000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9C407000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8FAAD000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xAA324000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8AD8C000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x9423D000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80472000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8A6CB000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x947CF000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xAA2B0000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x807A1000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8A9D0000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8FC26000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8ADE8000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8A714000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x9C58F000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8AD56000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80739000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x805CF000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8FBC9000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80748000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8A9E0000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xA5450000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x943F1000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x94354000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x943CF000 C:\Windows\system32\drivers\wpsdrvnt.sys 57344 bytes (Symantec Corporation, Symantec CMC Firewall WPS)
0x9C578000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8A9EE000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8FC8E000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8FAA0000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8067C000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x9C5F2000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x94DCB000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8FC36000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8FC41000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x947DF000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x807F2000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8F200000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8ADD4000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8FB80000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x9C585000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8FC84000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA2EA000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x9C4DC000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8A723000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB3400000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x94D92000 C:\Windows\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x94C00000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0x8ADBE000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x94D9C000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x947F6000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x943C6000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x983E0000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x94362000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA5430000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8ADDF000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80701000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x80483000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8F9EE000 C:\Windows\system32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0x8040A000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x947EA000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8070A000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x94DF8000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x94DC3000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8ADF7000 C:\Windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0x8AD4E000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xAA307000 C:\Windows\system32\DRIVERS\WinUSB.SYS 32768 bytes (Microsoft Corporation, Windows USB Class Driver BETA)
0x94DAC000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x94DBC000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x94DA5000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9C400000 C:\Program Files\Spyware Doctor\PCTSDInj32.sys 28672 bytes
0x8FC1F000 C:\Windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0x8F9F6000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB35F6000 C:\Windows\System32\Drivers\SYMREDRV.SYS 24576 bytes (Symantec Corporation, Redirector Filter Driver)
0x8FC82000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x94DB3000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x06B40000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 102400 bytes
0x00CC0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0xB0FE3D90 ] PID: 3964, 110592 bytes
0x00E20000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 110592 bytes
0x075D0000 Hidden Image-->CLI.Aspect.Grid.HydraVision.Dashboard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 118784 bytes
0x07C20000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 126976 bytes
0x077F0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 143360 bytes
0x08260000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 1519616 bytes
0x07A70000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 1683456 bytes
0x056C0000 Hidden Image-->WLTRAY.EXE [ EPROCESS 0x89CFDD90 ] PID: 540, 1703936 bytes
0x06E10000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 208896 bytes
0x07820000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 225280 bytes
0x05340000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 258048 bytes
0x01C60000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0xB0FE3D90 ] PID: 3964, 28672 bytes
0x01CA0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0xB0FE3D90 ] PID: 3964, 28672 bytes
0x01D70000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0xB43F1020 ] PID: 3980, 28672 bytes
0x00880000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x008A0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x00E90000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x03F50000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x01DB0000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x03F60000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x04090000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x040A0000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x040D0000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x040E0000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x04DC0000 Hidden Image-->DEM.Graphics.I0703.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x050F0000 Hidden Image-->CLI.Caste.HydraVision.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x05300000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x05390000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x054C0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x054E0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x05510000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x055C0000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x05560000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x055A0000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x05ED0000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x06070000 Hidden Image-->LOCALIZATION.Foundation.Private.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x06060000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x06080000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x06410000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x06E50000 Hidden Image-->atixclib.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x070C0000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x070D0000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x07360000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x075C0000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 28672 bytes
0x074F0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 339968 bytes
0x07550000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 364544 bytes
0x01D70000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0xB0FE3D90 ] PID: 3964, 36864 bytes
0x00E40000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 36864 bytes
0x01D90000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 36864 bytes
0x03F40000 Hidden Image-->AEM.Foundation.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 36864 bytes
0x04D20000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 36864 bytes
0x050E0000 Hidden Image-->CLI.Caste.HydraVision.Runtime.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 36864 bytes
0x05380000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 36864 bytes
0x05540000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 36864 bytes
0x05910000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 36864 bytes
0x05A50000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 36864 bytes
0x05E90000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 36864 bytes
0x060A0000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 36864 bytes
0x062F0000 Hidden Image-->LOCALIZATION.Foundation.Implementation.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 36864 bytes
0x06ED0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Wizard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 372736 bytes
0x06E60000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 413696 bytes
0x08CE0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 438272 bytes
0x08540000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 446464 bytes
0x00CF0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0xB0FE3D90 ] PID: 3964, 45056 bytes
0x00DF0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0xB0FE3D90 ] PID: 3964, 45056 bytes
0x01C40000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0xB43F1020 ] PID: 3980, 45056 bytes
0x003D0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 45056 bytes
0x00870000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 45056 bytes
0x008E0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 45056 bytes
0x00EA0000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 45056 bytes
0x04D10000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 45056 bytes
0x05550000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 45056 bytes
0x05570000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 45056 bytes
0x05A30000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 45056 bytes
0x06C90000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 471040 bytes
0x07040000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 479232 bytes
0x085B0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 487424 bytes
0x07470000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 495616 bytes
0x03ED0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x89CFDD90 ] PID: 540, 507904 bytes
0x04280000 Hidden Image-->msvcm80.dll [ EPROCESS 0xB07EB020 ] PID: 3804, 507904 bytes
0x01D30000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0xB0FE3D90 ] PID: 3964, 53248 bytes
0x00E80000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 53248 bytes
0x00E70000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 53248 bytes
0x01D70000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 53248 bytes
0x040B0000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 53248 bytes
0x03F70000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 53248 bytes
0x04CF0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 53248 bytes
0x04D50000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 53248 bytes
0x05530000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 53248 bytes
0x05640000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 53248 bytes
0x05C00000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 53248 bytes
0x05D60000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 53248 bytes
0x06030000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 53248 bytes
0x06B20000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 53248 bytes
0x06C70000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 53248 bytes
0x08B70000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 602112 bytes
0x00890000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 61440 bytes
0x04D00000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 61440 bytes
0x05BA0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 61440 bytes
0x05EB0000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 61440 bytes
0x089E0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 675840 bytes
0x01C40000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0xB0FE3D90 ] PID: 3964, 69632 bytes
0x008B0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 69632 bytes
0x04D30000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 69632 bytes
0x04DD0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 69632 bytes
0x05310000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 69632 bytes
0x05B80000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 69632 bytes
0x07D40000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Wizard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 700416 bytes
0x01E20000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x89CFDD90 ] PID: 540, 73728 bytes
0x02130000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0xB07EB020 ] PID: 3804, 73728 bytes
0x005B0000 Hidden Image-->sprtmessage.dll [ EPROCESS 0xB43F1020 ] PID: 3980, 77824 bytes
0x04DA0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 77824 bytes
0x054F0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 77824 bytes
0x055F0000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 77824 bytes
0x058F0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 77824 bytes
0x05BE0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 77824 bytes
0x08C10000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 806912 bytes
0x00E50000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 86016 bytes
0x05620000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 86016 bytes
0x07340000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 86016 bytes
0x08A90000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL [ EPROCESS 0x89AFB8D0 ] PID: 2412, 913408 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\$Recycle.Bin\S-1-5-21-2431464384-2967160312-2786964109-1000\$I7FOHFT.JPG
!-->[Hidden] C:\$Recycle.Bin\S-1-5-21-2431464384-2967160312-2786964109-1000\$R7FOHFT.JPG
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\changes.rtf
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\belarusian.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\bosnian.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\bulgarian.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\catalan.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\chineseSI.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\chineseTR.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\croatian.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\czech.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\danish.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\dutch.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\english.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\estonian.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\finnish.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\french.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\german.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\greek.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\hebrew.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\hungarian.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\italian.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\korean.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\latvian.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\macedonian.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\norwegian.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\polish.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\portuguesePT.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\romanian.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\russian.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\serbian.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\slovak.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\slovenian.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\spanish.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\swedish.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages\turkish.lng
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\license.txt
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\unins000.msg
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
!-->[Hidden] C:\Program Files\Spyware Doctor\quarantine\030EA057-3513-487F-AA3E-CAC9B1E37B14.sfs
!-->[Hidden] C:\Program Files\Spyware Doctor\quarantine\12014BED-9067-40F1-885A-0B52615824AD.sfs
!-->[Hidden] C:\Program Files\Spyware Doctor\quarantine\28B2AF46-EE64-42F3-9DC9-B3FBFD4441F6.sfs
!-->[Hidden] C:\Program Files\Spyware Doctor\quarantine\2D563603-7B51-45D5-86CF-48C8390A3C6F.sfs
!-->[Hidden] C:\Program Files\Spyware Doctor\quarantine\36301F88-9670-4742-AC82-9DDBCBFBE734.sfs
!-->[Hidden] C:\Program Files\Spyware Doctor\quarantine\5AEC4B4A-98EC-4CA6-88F0-2C4865D4AEB8.sfs
!-->[Hidden] C:\Program Files\Spyware Doctor\quarantine\896939C1-0C61-4698-8548-36801292E9B5.sfs
!-->[Hidden] C:\Program Files\Spyware Doctor\quarantine\A38CF04B-850C-4ACC-BB84-7629167C63C9.sfs
!-->[Hidden] C:\Program Files\Spyware Doctor\quarantine\A5F0BD34-0B5F-4BA7-8E28-5E958A38E803.sfs
!-->[Hidden] C:\Program Files\Spyware Doctor\quarantine\A6B45432-AB5F-4919-BBF9-E179A317CE24.sfs
!-->[Hidden] C:\Program Files\Spyware Doctor\quarantine\A6DDDD31-4986-4B1A-9521-9D3D784F0B3B.sfs
!-->[Hidden] C:\Program Files\Spyware Doctor\quarantine\AAF5F676-F997-4516-9799-03C9C85E7296.sfs
!-->[Hidden] C:\Program Files\Spyware Doctor\quarantine\BFD77424-F721-4E1D-9E32-ADB19F22165B.sfs
!-->[Hidden] C:\Program Files\Spyware Doctor\quarantine\C78859B0-AC5D-4ED2-A672-13038C4228D1.sfs
!-->[Hidden] C:\Program Files\Spyware Doctor\quarantine\DB2281EC-3841-4FF0-8645-2BB0A6E40ECC.sfs
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction304.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction305.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction306.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction307.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction308.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction309.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction310.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction311.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction312.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction313.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction314.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction315.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction316.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction317.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction318.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction319.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction320.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction321.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction322.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction323.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction324.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction325.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction326.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction327.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction328.xml
!-->[Hidden] C:\Program Files\Spyware Doctor\TransactionResults\Transaction329.xml
!-->[Hidden] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\config.dat
!-->[Hidden] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\ignore.dat
!-->[Hidden] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\link.txt
!-->[Hidden] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\local.dat
!-->[Hidden] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\news.txt
!-->[Hidden] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS06701.log
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid
!-->[Hidden] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
!-->[Hidden] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
!-->[Hidden] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes' Anti-Malware.lnk
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{00192A8E-0428-46CB-BA33-EEDB4009CDF4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0037C600-E73B-402A-8A09-1C8FA5CBF170}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{00F9339A-501D-442A-9526-FDF39894F1EE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{01040C24-931C-419E-A6E2-8104DD7E457E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0175286D-E600-4B78-8AC4-4FE0922B3C6A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0219E172-D4BB-4CA5-B855-0CF11AF7A6F7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{028168CF-6860-4F24-BCBF-FC04E6DE063D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{02BD3B2B-E720-42D6-B3C5-823F2EBB1C69}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{02F97172-6ADF-44CD-9152-4DDCEBB249E0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{03B7CF18-1132-4FC6-BB6B-D0117AB1D470}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{03F4BC5C-26E8-41F2-8D10-7F8D0F7DCF97}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{03FB582A-707B-4793-8AC6-3EE1D4A27456}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0470257D-1275-452C-BEC0-196CC2409728}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{04802D4C-A7EF-471C-936A-F08EE9FF3E41}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{04CA6E02-A43B-4F65-9BD0-76F750C6C93A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{04D6E0BE-3BC1-4043-88F3-7A76916555B8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{05695603-6AF4-4969-B02B-6DA398E25615}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{05CCCCF4-8643-4B2E-B11F-B6D0D0FE86C8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{064CC517-231F-4B6C-AE93-43FDCC907D08}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{06547F41-49A7-4821-8E08-B8368C5B499E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{06EFCA9A-FBF7-4766-948C-BF14A6B7BFF7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0701A245-7BCC-4D82-864A-6F135DAF25B8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{07509C95-6707-4D1A-A94B-A534B12441CB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{07A1CA7A-A565-410B-8BAA-F4F8CF6A2AEA}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{07C0E13E-4E96-430F-8AB6-E9F38FB1FB8A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{07D119EE-3ED7-480B-9EF6-0C150AF70216}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{08F8884A-2656-4A43-B46B-4B524AC5A045}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{095D9479-D286-4CD8-9A6B-D6FE6E0EEFC7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{098340E9-C9A9-4151-8A4A-C6E6E356F1FE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{09CCC03D-D4F2-4DC4-B058-BD9DDB241591}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{09D9F36E-530E-499F-800A-51D5158F5C99}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0A2B043C-88A4-4131-AF01-841F19746695}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0A439FF7-BE5D-4EBE-A76A-A0F05D684D41}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0A7C6C13-04C0-446B-A98C-8A4D5B719FC3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0A9540BC-50A4-48D8-8EA7-37C53281A0C0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0B40503E-2FA4-4121-83BB-638C2722561B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0B4A9D34-A9D6-4627-BBC3-7AA49DF54786}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0B6357A2-4B03-45E7-AC74-A0329D86589E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0B7D3E8D-9449-4D4B-983A-704345DA2F11}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0BAA57ED-B7A0-4CA9-A2F5-92871F3D3FE2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0BBFA328-C25F-4426-9554-CBFF0AB268E6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0BDFE10B-A87B-4407-B865-FF9110804857}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0C47D67A-DBB4-4D23-AACF-A63C525B34D4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0CD00B36-04F3-4598-891B-C833C3A26D70}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0D2B87C9-DA04-4E64-B26F-D6B310FAE578}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0DCFCCC2-7145-40E8-ACEC-D056C0D398F8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0E39B750-BA1F-4306-A6FD-38B48B9A2E3A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0E4F5D48-5EC7-4CBE-AA00-CF6341B6AABC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0FA26773-2A6D-40CF-AA03-C3A34BE9C535}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{0FAABECA-7473-441A-92DB-79C03FEF694A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{10741784-69BE-46F3-B2D9-45DDF8C2A9A0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{109375EB-859B-4237-8B56-F15D9D25AC7E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{115B9523-E0A0-44F3-AAD1-839BFBA43F20}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1171DEE7-7101-477E-B91A-4B2535FCB824}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{11C1460B-B92D-4916-B423-CB4F20102EED}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{11FD4718-8F2D-451C-8E01-8220493A631C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1217C871-42B5-4056-B930-1C360A5398E9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{121C0E53-FC78-4830-B601-9901E11385BD}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{12247A6E-DC2B-484C-AEDE-680662FCF9D3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{123D720E-F7CC-4BAD-A11D-0A0E9FA3AEF6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{12437ECB-5200-4968-99EF-82BA1ED213BF}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{125BD567-1317-44AB-B49A-8D4039267CDA}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{128197E6-38F6-4A58-8697-BA787418E811}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1286B197-B573-4814-9214-DA1F2D1AEFDF}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{12970FF7-EBA1-4B38-BEED-9FCB9E1A207B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{12B5C201-2A3B-4B5A-BA39-62345C8B52FC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{12B81BEE-07E4-4974-9F6B-9BC561D0CBEA}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{135EA63C-98BE-468A-B27B-5421BC648F73}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{14485FEC-88DF-43EC-A99F-0A51F4B543DD}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1473D3BD-9BBC-4FB8-AE42-F00B4C603FC8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{14926BAF-0F86-408C-99B3-79BA3F422567}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{14A9EE73-5C67-4B44-9281-3D17DFB5DBB1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{14C16437-96E5-40FB-ACEE-92E5CE3F524C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{14DB3C56-8198-4DF3-93B3-ED647B477491}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{14FBD384-CB2E-4563-AA5C-93E70A6D4BF1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{15307832-006E-4C04-851D-96BFF8DF7AC3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{153B15A2-3181-43D5-9EB2-38B623832D96}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1555544D-69F0-4917-8F6F-C38E272CAFE6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1581EDFB-A0F1-44E8-B850-826FBFA24A06}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{15A557E0-7CE8-42BA-A581-212D315E01E7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{15C77A4C-8758-4B97-87C5-6F0998F7BA02}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{16102953-FD21-4437-B210-03408D93748B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{16349FB3-BE86-4EDB-BC38-090F8F859046}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{164EA938-B7F0-4EFD-AEDB-6ED929EF025F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1655A6E3-C990-4AD0-A246-912EC158829C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1676CBD2-E917-426B-B0EE-D20A74CA1A7F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{16BA4A11-14D5-4262-BD51-F6DAD2ED1939}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{16D0A4B5-EAEC-4C09-8467-DBF4816E06A3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1761702E-54F9-4F66-9A5E-D5C89DBF2F76}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{17C22ECB-807B-4784-BF57-0108B84A9866}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{17CE3D06-C50B-4DE5-9CD9-523B0422D9DF}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{17D4F783-33D5-4F00-B9A0-D4DE218FBE39}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{17FB1E22-6C26-4432-ABCF-ADD29AE2BA58}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{183BEA3D-E91A-43B4-B09C-4134D4A398C3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{19666743-9F57-467F-8628-E44ECDA04457}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{198643FC-64EA-447A-83F0-B1C72DEF7BA5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{19942A10-C023-4084-9965-996E66A73FF6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{19B9C643-BFEC-4925-823D-3D1A32304E1B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1A6FDCDD-74A7-46D0-A614-6F9F12B21C94}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1A8224FC-A6EC-4AD6-9758-2B23B5365D08}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1A9DE51F-C6ED-4166-BAB4-6C7FD7652470}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1C421D5C-A37E-4F3B-993A-6BF699EA535E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1C7DA981-ED01-4E00-B01D-8A1FA007C6D9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1D025C4D-4D17-45C7-815E-8CF024767107}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1D09B8EC-82C9-4CD9-9298-4EE1D807BD4E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1D2BDC0A-3EBF-45EE-A386-1FC788B2FAF9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1D3EB722-0650-4CF5-9073-A8F71EC85E5D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1D4A580A-9F03-45DC-8650-AB9D25179D27}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1D4EBF18-D328-41A8-AB4A-7A62AE5D1F64}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1DC97802-64F2-4F26-BB0C-1211879D94CF}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1DD6AF62-0976-4E5E-99B5-FE1B08EF9882}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1DD80C28-CF25-491B-97E5-234B6181E7F5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1DFCE6F0-0520-4B62-AED7-9869151B6C46}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1E235F13-4A2E-442B-B42E-B06B36C5B560}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1ED0C410-BC13-46AC-9ADD-318CDE1C8634}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1F5BA6D7-21FE-42A2-88BF-7D81EF6FB559}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1F98786E-C03D-4276-BF2E-27FEBE93ECF8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{1FEBA976-3103-4E27-B35C-4A9535816034}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2034CD1C-09C0-42CC-A243-86B8D2E353B7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2127FA91-F98F-486C-A06D-D45327B8ECAE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2264C503-93FF-4163-8407-D5A04B2020F7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{22727645-C925-403F-8AD8-731C65797FB2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{22917EF6-3DE1-4746-BE1E-BAE7BD25E3B1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{22EB8CAE-DCEA-4872-8EDF-45A075CFC09B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{22EDBE3B-D0A3-4B02-A27F-1E327B3614C5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{237F140D-44B3-4428-9CC7-9D37CA2684AE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{23D8EDEC-B55A-4441-ABB8-7545DBE17EBB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{23DB89E2-DA43-4597-B3CD-AE78E93CB2D9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{24E04A23-48E6-4454-89A9-EE61173C3661}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{25AB3E51-4EC6-45FB-B571-207A48FC4490}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{25BD780C-5819-4C72-8B9A-018CB90763E7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{25CA5EC0-4F1C-435D-B02B-C1BD4EC5ABD3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{25F9C56B-0BC2-404A-9ACA-594B0AB9B222}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{25FA3B1B-F440-425A-AF47-FF436576B8D1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{26023E38-81ED-4D94-A3A2-58FA6D381A8A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2602DDA7-8DDE-4CFC-954A-80D343F9A425}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{264030B9-8F95-430D-B4F0-7B2862D47ED0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2662C325-6874-4E72-A6CC-4FCE4B862525}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{26E44079-92F1-46B3-9325-C0E49CF03A55}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2707BAE9-84D9-48A6-A2C3-350AD0AA03D1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2765582B-76CD-40C8-B7D7-BFB7E0EC767D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{27928D2C-97F9-42DD-ADA1-85DCEE74F182}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{27AE63A4-4A71-47BE-8D2A-5016FB70A9DA}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{27E437D0-3640-4EE1-AEA8-6A003BC473F2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{28023B3A-53E3-427E-B5D1-4AC6FD3B7B34}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2836A7EA-232A-43DC-ADA6-5A85E31D33EE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{28A5B7B2-4270-4532-9C1F-4D81ECE71F88}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{28A891CD-3E42-4F6B-B91F-38607F25122B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2905C8C7-A3C2-4D05-8B23-A0EFA17B1043}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2968C8B0-9FB8-498C-8C97-B872E22701DD}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2974072A-E099-4D7F-A8CF-BA4673A83285}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{29942BBF-8776-415D-A6B4-F97DD55932A0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{29F394CB-AADC-4C57-9848-5EDC9863B27B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2A10C8BD-4ECF-49DC-938D-DB067FF24875}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2A4266A0-4C67-4E4D-B5D8-BC68099A99B8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2A7862C8-7654-4320-855F-3B82E404C784}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2A8535C3-2789-4A9F-A3BF-8AE50E1D710F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2B18D5CB-0C1D-4D77-BCA9-DD52C29511D9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2BC58CFA-E17E-408F-AE6D-4035A5B4F7B3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2C354C28-840D-466A-9869-6BB82A265EA8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2C48FD9E-D8DA-4C11-BEB6-6C5F96A914B9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2C552ACA-FBFA-4BE5-AAAD-ECC128522CA2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2C80FB99-2CCB-459E-B795-B03F19C9DBD9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2CA8D518-11CF-4DA6-8CF7-297459BE3F93}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2CF0BE01-FCFF-41E9-B9D8-3CCC80FC11A2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2D423F01-5907-4D09-B541-EC75924849EF}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2D446E7C-461A-43C7-B864-9D40E6981E68}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2D540144-AC03-4FFF-8DD8-0470B4AE7F1F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2DBE40B9-0612-4AD1-B9EC-EF5980A1B062}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2DD9EC29-D531-47E8-8CC7-CB2DF90E7292}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2DDC93B0-E151-4630-9DBC-6E8230598B5F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2E0B9FBB-8F84-43AE-BBE6-C247FC648498}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2E22DC06-5A52-4CDF-83D5-E8D83488E889}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{2FB006EF-E19A-45E6-B2CB-6A4A84074738}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{300E5A7D-00F8-40EB-A640-F9EF7AB300DB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{30117F6B-2CC9-47B3-BF47-96F23746C2FD}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{301E3E27-9F17-44AD-B62D-79CAFEF177C2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{30263397-D535-4138-A947-DF28F94213B5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{30BCD07C-2F48-4490-B16A-9A453CFDC326}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{311D9601-3069-490C-A1D5-A604969F5CD5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{32041F32-F66C-4B3C-8E11-97B9FE6A0DAE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{321FC05D-2F81-41BE-A584-81BE67962543}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3233BAE2-2C8F-40DE-A948-7B04E29E6533}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{337F074B-3554-4F50-BB23-CC06ACF9C58E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{33CE25C6-51B9-4F16-8FBB-310A9F2DE615}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{33CE401B-3C43-4929-A5C9-8010F6A3C5F5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{33FD7E06-3B7B-4D03-8C37-3F5D84E5C5B9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{34073C7F-F3EC-4F62-A6AA-0302A1602450}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{341736CF-5AC2-4235-BECB-943F2550A2E7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{346FACC1-0CA1-4A40-9804-0F0B5AF30337}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{348A02C3-A729-4A38-BBB3-8EB440E8A39B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{34B111E9-DBEE-4FF4-BCED-F5E6CB3C5E5B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{34CCD451-6C71-4FCC-B573-F4BC5EEBCA83}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{35736B0D-31F6-4FC9-990A-989388ADCEEF}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{35EA14A4-3951-4733-9BDD-9E9DCF378B65}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3640F404-83D3-4D09-9FF8-0DFBDE83F8F9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{36587164-6271-4CCF-9A66-6EA670177F71}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{36753ADF-2AFB-4012-A280-F976AE4F5CFB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3688C0E6-52E5-4B74-9631-5851B080B1B3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{369FC647-6692-4D63-8DEC-B6B2C244EBE0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{37427CE1-C8D1-4666-A9E5-280CCA075C77}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{374B21C3-55D1-41AC-8CF6-C275E9E7DDE1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{37733E49-E8A6-44CC-936C-B11CFAEBF206}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{37792DF7-9E8E-4232-9619-110357235621}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{37B7E39E-0174-4106-98E9-068C83ADC3C7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{37E110D0-815D-4D78-B4C6-4013AB06E403}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{37F87A9D-F767-4CAB-BEAE-FA1D1033291E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{37FE0ACC-DEB2-4F0C-9FAC-22EE81F5F8A4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{382449FE-1E6F-4CC4-9A2C-19BCA6993831}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{38A5874B-522D-49A9-9AD2-6E8E4C336563}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{38A70D18-B5B9-43D3-948D-DDB1964B1BDC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{38D60861-15ED-4A56-8ABE-5D836486DD21}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{399D8D4B-98E6-4301-80DC-58007590CBE1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{39F196AD-FA41-4A77-9427-697B2E783B7D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3A48245E-02F4-4402-AB87-AD29853074C5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3A8A86B9-AF8D-49EC-9ADB-195B217178C2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3AB83ED3-4548-4F1B-95C6-479D37C2322A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3B2BB72C-C9B8-43EB-AF3E-A7D7A2D5C0D2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3B8C67AE-4453-43FD-9D99-1BCB62B72110}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3C3D10B7-7D2C-434B-A2CC-475D1C74CFD6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3C49B89D-54EA-40E9-9B25-6F417B6D6F89}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3C57E98A-DFAA-4767-ABD5-C3C1D6B4BE1B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3CAC42CB-6E05-4C69-95CA-0ECAA4BF93B3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3CCE1C42-9DB4-44E0-8114-B5C325334EA2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3CE90099-D0CC-4613-91A9-53E692E13275}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3D4D8585-643D-4538-B0C4-495AF1BBD6B4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3D9FE4BF-8E63-4390-8772-9A9B503A1C49}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3DA471BF-2CA3-4CC5-AA6F-D52935F5A27A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3DC22E99-3485-4047-B8B9-AF2F88128EE8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3E175B52-5B0B-4C6F-A87D-A2741D1A40F4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3E1E3A3A-ECFD-4B8C-BD2A-CA0B31D1EDD3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3E4553EC-27E0-4873-B666-098B8AB3FC80}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3E5DFC02-105A-41B2-888A-1AC4DB15E0AB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3EA90E4C-B577-41FC-831B-7403042A7DC0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3ED231A4-0E08-4C38-B8D6-7673D4CADF83}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3EEFCAC5-29FD-45CC-A7FB-6ED39AD8DBD0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3F7D7AD0-519A-4178-BE08-9A499FCBB890}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{3F91C8AA-8C62-47C6-A8F4-E4A7317937FD}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{401F824D-8C63-49E9-BBB0-E641BA891BA3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{405957ED-D598-4250-A122-6D281C20C85C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{40825AD3-0A8D-4966-8270-21636999DD69}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{40B98D86-E3E6-49C5-869F-4512D6E9C9E8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{40BB5277-83B0-4A8A-B634-C6407B84939B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{40DCF3A7-82F2-4570-AC11-2696738AB14A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{41352528-333F-4279-A00D-91292E9EC451}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4141AEA3-8AEC-4FB1-9D67-6A0736F7C01D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4147A607-37CB-45B0-B93D-F0E8D4FA1CB7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{414F8207-662F-48B3-90CB-009BBC91AFCA}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{415DD326-774C-47B5-8116-ADD9FA9557AE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4180E077-267E-4CA2-BE79-70584A76861E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{41871CBC-21D3-44B8-B1A6-E8B27EE2697D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{41B9E6DC-7AC6-4D06-9C53-92B61A492709}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{41CC27C2-17F4-4616-8152-6EA819A0AD2B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4224B832-6518-4088-BEE6-D70E72D6ABEE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{42648D0A-74A2-4C07-8F5D-19F225C1BBE6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4275FF41-063E-4C94-83A8-8A39C3BCD5EA}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4392A07C-4F40-4A3C-82E9-3983155DD43D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{439C4950-38B8-436D-9BEB-201A2EE22740}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{43C341DE-3344-49BF-B682-1F73EC85D774}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{43D07DAB-89F6-4AE8-8FD2-6DF71E30156C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{441D3A55-144B-4F24-BD31-AE9A3321CD71}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{442B2C4F-09B4-43CE-9D38-D49F9C239CFE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{446996BE-887E-4207-926A-50057408996F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4474CC35-0685-41EF-817E-8C41D2569057}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4483EDFA-5864-45C7-B361-599E014E5289}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{44C5FB3C-F753-49F9-99B7-E7E3A8DFD309}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4554E8CB-CC4B-42C5-BE93-C83142443899}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{45C15794-3F6A-48B6-8413-68B4AF032674}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{45DABF00-71AD-46E0-AC41-76821E034726}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{463C92FA-8D6D-4A30-8497-A624209B36D3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{46428CA9-8803-4211-98A4-B64A62454FDB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{46693CD5-54C8-4DEA-ACFD-068310380EAB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{46EFAFAD-364C-482C-9147-D473C478491F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4705AE2C-0D74-48AB-9EBE-46B1F3BE058A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{47758ABF-DC6B-48E8-BFEB-F18B88929234}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{477A979F-2122-4077-BC31-12A7655C0C6F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4791BC7D-F3E2-4579-BB65-50A123883231}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{47AA1EE4-E1D7-4591-8546-57AEB65415DB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4834BFBB-5738-4E77-9A5D-0184F4E88885}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{487C2347-498A-4E9D-82A4-67EC49934584}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{48D1AD4D-E584-43EB-AE39-058DED26C344}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{48DA07BC-B998-44DF-BEC9-4738D26AD7F8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{494B9373-AB40-4D4C-8B6E-D7500BD7507F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4972BE1D-1176-4697-B3EB-E40FD5ECAC14}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{49753D94-42E1-4374-B9A1-FF3BDD86FA08}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4997404D-1263-44AE-8B8E-26ED00564A33}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{49B57B85-E1DD-4C8B-8371-415CBA8F333D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4A20078B-5B8D-4CC8-9A76-FCED1C5CC305}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4A222714-204B-4653-A234-7FFFBD4F9A40}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4A314852-6A72-4073-9228-33119F10F6A1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4A677E2F-3428-4E2B-8B8A-B70C85F3065F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4AE3B9AB-8217-4738-9F30-655DA7055638}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4B24C5ED-9AAF-4B13-A026-5B90FC98DD33}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4B6F385D-7F0C-4B1F-9926-ACDDD3424C28}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4BA7C78F-2A65-4C2C-A837-68113BDA1707}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4BC4EB62-37FE-4E33-A74E-E9729EE04041}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4CAFE822-EE7A-4E3D-953B-06A532DBBD59}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4D9E42BF-1777-48BE-AA78-CC121989709A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4E40B281-CF6A-4C6D-8280-9A3632828DED}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4E419029-06CF-4BCC-8138-858C9432C703}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4ED51F57-3DA1-408E-B1EE-8FAAE5AC2AED}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{4EF1F872-0BA5-4B56-8938-D19982E845F8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5019D258-6702-4649-81B0-28514633754B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{50289C2A-DEE9-475B-A44F-2162076E7E83}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{506B28AF-3F4E-44C7-AC18-B02EECA049BB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{508EA856-B865-424A-BAD9-AEBC671965E1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5096C138-3BCB-49CB-98FC-5BD600A1870C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{517DB5C6-4289-4B1B-A399-FC96CA74EF52}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{51A9EBA1-EC2C-4366-953E-F62ABC657A83}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{51B08D1F-1F72-4885-8CEA-D91B42BA517E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{51D1449B-0EDD-42CC-A8A0-8D00D56B5674}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{52E5845B-0D30-4E7F-89E4-E0D02E32C5C5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{52F4F177-0199-45BF-B456-04474EF2A5E3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{531AAB35-0A7F-473D-977B-5AD47E20519A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{532BFED8-AE69-4B92-9CED-1D01881EE636}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{534583C9-033A-4EB8-BCD8-A6FF9E8BEBC7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5404090F-F295-4666-AD49-487AEE0103BA}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{54198F14-195B-4B2C-A572-2F799E8B8DA2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{542BD63F-6921-475D-A267-52006FD3EF1F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{542C2EB3-C7F4-4BCE-B630-2254A9815139}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{54B2FACB-DFB7-4B43-A2AD-081DDE709006}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{551860B6-D6A3-4D5D-A28A-2CEA3206A040}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{551ACE2B-3D29-48A2-AFCA-C6825567B935}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{556B00BA-E96A-4B87-A9CB-8FC0D57F180A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{55DA73A5-621E-4F7D-A6B5-D2CDA06C0EC0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5623D158-D8F2-4D51-B0DA-6A35C88FD688}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{571BEC89-892E-441B-9005-7EBD9183A568}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5731ADDD-2647-44A4-9B1C-726A52027E69}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5733AE67-5B56-4F81-807F-2B89B6D68D8F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5738F8CF-00E4-4AC1-851D-1FC6FBB9C4A2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{573BDAA0-2632-4EB4-9EE6-2FF2B0E165EF}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5814A6A6-C9D4-4AC9-B30A-7B93636B541D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{58267E88-878B-411E-AC0C-5BB234F91D9B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5836A7F4-F7CF-4B96-9ADB-328339789278}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{58BFABE0-83FB-4F9C-8C18-857C4EF6D1EB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{58C618CF-A9EB-4C26-BA0B-C9EE92B663C3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{592DBA67-7690-4ABF-8ADD-6261088B33F2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5974A824-AB2A-4B45-A35A-549892F59552}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5984E27F-EF2B-46C1-86C1-BD24E094E080}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{59A462BF-920E-4022-8B74-C8212C673656}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{59B30B62-73A4-45AC-9FD2-B5628A8A3673}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{59D65873-83AF-4045-AE09-802FDA1BEFC1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5A1EEFDF-DB16-4F0A-9679-6AE2B00BCB50}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5A8AE33B-641B-4BF2-BD86-CF6EAC88ADA2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5A969BB4-9ECB-4563-8E8F-52C687B527B0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5AAB458E-363D-4F62-8FFE-84E708F0066D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5ACFD334-9994-4E3E-8210-9A5B8546CFF0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5B01EF5A-1A8C-43B5-9775-EC1CE11BB63F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5B2013A9-BBE5-479B-9903-675D702429F4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5B49153E-BDB2-4BF4-BABF-1FEDB9699FB7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5BCA6733-7625-4BF6-A68F-07274E0EA2C4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5BEE8E06-97E5-40C1-A638-4DD8E7E772F3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5BF3A4CE-2009-4F8B-A64D-66E4384F6330}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5C08CD0F-9696-4FA3-B46B-4376EDD0DB63}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5C134003-D47A-4164-BA03-0799781EDD46}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5C30DED0-B26D-4CB3-BB63-FCDE2A01291D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5C794FE0-3047-4F89-80EA-D830ED8944F3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5D002281-6576-4680-A176-5E3AF471C5FC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5D11FFF8-1B87-479C-9F7F-B16A1DC188E8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5D23A77F-8249-4393-B7E0-F2ADCAE045B0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5D92AED5-23DA-46D9-83CE-364D4EDE5887}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5DAD4FCE-21D1-4E65-941F-1F7E8B2FC905}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5DEDB8B2-B217-4172-BE75-EB0EC35864B4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5EECD2D6-1C5B-4A6F-ACC8-B6D850687A9A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{5FA78192-E5E3-4F20-8520-0B271C7F83F3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{60197C87-B67F-4D4D-B70E-7FBBB61D48D3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{601F6FA6-2C01-4F5C-AE1D-0256E1BC3318}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{602671A2-0A7F-4864-8743-9982599D2AC5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{605E86D7-8374-4BD0-864B-D97D1F3590F6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{608FA8C7-7643-4E6A-BFB1-C243598B6AC4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{60CB214F-2F52-4093-87ED-2FF109D87FC5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6123B0E4-6BC2-4156-A036-CB23D6828C24}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{61B010CF-34B1-435B-9BF6-B1009C3B33C5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{624EE153-4A0F-4007-AE1E-D4A3A2F6C2E7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{625691F0-3424-4FBE-B504-2F67C6B7704B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{62966666-F259-4960-AF80-09AED753A694}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{62C8562F-8C86-4E5E-BAB0-FF87AB38BE6C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{62D0D803-4248-45F1-988E-C7241B453787}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{632E647E-2946-48F9-8FCD-6599DE047838}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6343FBA0-38E7-430A-B793-EA741D5F101C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{639D53EA-4AA5-452E-B7DB-AEC9C4B1F40B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{63C2572D-FD7B-4DA9-AB3F-12E432B0803E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{64A696CA-9AFD-423F-A8CA-E289179FCF45}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{64AC8909-4C5B-44CA-83C0-13803D006EFB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{64EC8C95-9788-49BA-977E-83834370E4EB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6585CBF6-CEC6-42CE-BF8D-D01B3CEFEDCE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{65BEF585-F8F7-4F0B-A341-B6568772E9C3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{65F72FB4-6696-4914-BA21-774169BAC297}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{66312E61-31BB-40CF-804A-60BF818652C4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{664582E5-85ED-40E7-852F-411A8926CADC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{66DEA8E1-099A-4537-9E2E-49618798A3FC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{66EA05D1-0A7B-449C-9EC1-24794F2A36B1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{66F88C66-49B5-4C9C-B053-088DB0E01FB3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{67001B61-8326-4F89-A63E-AD517094C30C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{670FFAC9-4223-4ED1-9A07-D1D60570E6A7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{672977D8-E2E2-48FC-ACC6-793AA7577A26}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{67BF75E4-29FF-4D9F-8AE1-D987F3DA3F82}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{67CABCF5-07D2-4BC5-A891-B9F3FA1BE7BA}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{67CF4A47-A5B9-49A8-A8F0-8951A3A0039F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{67E3A482-D05A-4A75-9EE1-1FE7949C1E5C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6835886D-BF0E-440E-8CC8-65A36A42A1C5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{683B4476-D058-40DC-8F3B-FCC035F85BEE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{68D2F643-2420-4187-9AA8-FC071329B17F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{68F1528F-6DAF-4E64-9694-F38C18C8B5CB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{690862AC-DBF9-486F-A267-26306181A8F2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{695A282C-6220-4C9A-A8F8-8A8649B3A0BA}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{695BE14A-3041-4F85-8356-D126154F720D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{696F490A-77FC-40E5-82F9-DA7423B94F12}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{69ACFDCA-832F-4AEE-BD66-1927F77C0023}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{69C38CC3-EBC6-465D-A746-EC9FA1DB034E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6A06490F-85F9-47F0-9284-2467986F93AC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6A18A388-4225-4A04-B1C5-CF7CF3595A3E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6ADD58B9-87AF-441B-AF3F-672DAE8B2AF5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6B0A23E8-0DC2-46D4-A273-F30EF6040443}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6B1BACEE-0C1B-401D-9DA2-0CF17BBBF59F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6B205633-860A-4B6E-8265-731356A4A899}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6B60BB34-E848-49AB-ABEE-FA8B7E865D38}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6B8A74B1-83DD-4096-BC1C-8485F98AB601}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6BB6A783-DC00-4681-B716-EE14BD31A3D3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6BDCDB49-EF65-4290-92C3-56529125A2AF}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6C80F3EE-2DAA-46D9-8BDA-0041F03923F0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6CC4F6B1-DEC4-4A79-A0BB-694B5CA68EC7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6D138360-DB49-4BA0-A25A-FCC8F6B85EBE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6DDACBBE-1F04-4EA5-8B6D-1C2FBBAAB866}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6E0278D9-8DAB-4A6C-82BE-E8DD44C2D7F6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6E888557-359D-4FD0-8542-7C5C980F0D3F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6EFF55DD-F6BC-4255-B0B3-FD56589F5007}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6F1B7443-7FD9-4131-98D2-2585CF52DBF1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6F61CC11-6010-4520-A061-00964DD2B328}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6F8A051E-86FA-436F-9870-C726C4FA7F18}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{6FCED53B-BA66-4EFE-AC46-18365CF0DCAC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{700BE18A-900E-41E4-836D-ECE2B00411F3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{705ACD04-80B8-434A-907C-799F3A222FF2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{70B65548-D6C0-4323-890F-5239B2D69ECA}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{70C176BF-7526-49D7-833F-151EE5A5CACD}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{71071B48-7D12-41FC-BB40-675906F00723}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{712FB186-F4A6-4762-B155-AA41754F250D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{71ACF90B-923E-4C6E-A101-2AB24949732C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{71B372DD-77CA-4501-B661-0DAA82CB2C28}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{72161155-ED38-41FB-BD76-D2501AFC80C7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{72204ADD-C40A-4A64-B985-E78DB46F8D54}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7227D4AD-BF82-49B0-AC5F-5F6B5431071D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{724BDB45-4C7C-4D4D-97B8-E02F1D43BD46}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{72AAE78C-4D0A-4F8D-94B1-AD5ECDDFFFC7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{72CEA65D-170C-477E-B4DF-EF0C5508C390}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{72EF0075-CF1C-4239-B023-4147CAB3D207}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7349842A-5ABB-4F6E-A161-E0F0EFA87CA0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{73D8DE9B-BF63-4B35-9055-4602A454F913}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{73F7C3E1-722A-445B-BF37-7BA0A396487E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{74360F23-2837-40DB-9DE1-F3E75F038638}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7448D2A5-8268-4814-BA9B-A1CA7E265483}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{748D38BC-FCC7-44F2-BD4B-B556E42A0397}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{74A75ECE-FAC6-48D1-BEAD-0A221599AA8A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{75275502-0C74-46E4-974E-06F1977E851E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{752982F6-3095-4EE0-9F98-E60BA8233E03}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7534146C-975F-4E8D-BBD7-D24F4030D560}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7536BFF8-5111-4F97-9BB6-02F3CFC71EF4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{75B546A4-E2F6-4120-AC13-A60A64CAA8E8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7633BF05-A22D-40A7-A72D-7895E41E2EB5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7654C6A8-8CB2-4639-8769-DD1C737980E6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{76561639-4460-474D-B49C-28DB2E5F8238}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7670CCB8-B99E-483C-AE09-02A2DEDD1594}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{76C05948-525F-4F50-A050-40C4D19CD935}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{76E8D55C-BEA3-4690-89AE-0427B3377E61}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{76FC93B3-D16C-478A-9CD2-FE929688D573}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7725AA6A-01AE-46F0-B0D4-320FDD2B7401}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{77B5123B-566B-49F1-A87F-6802A43DFBE3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{77C518E3-9AEF-420A-AC62-34EA8D148882}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{77FFDDCA-9569-4302-960B-AADABF3D6E65}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7810A1CD-CB20-4052-A193-3CFA3819A421}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{783ABCCA-4951-4490-995D-96961EA03BEB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{78B81BD1-2FC3-478A-AB5D-17B1B4A3147C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{78E11901-1B64-4D79-A188-0294F850BDBA}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{78F524A7-E2E7-456A-9B4E-347D572D9702}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{791E6A90-1B19-4B52-87EE-7DE289DBFE65}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{796DF34F-6E11-4B03-B7BB-5DFB9998E6C5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{798877FD-6B43-4967-807C-D31F5A174E2B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{79ED0348-241B-4395-984E-2C480C474371}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7A1912CA-83DA-4394-A1F4-5E01B1D25EA0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7A4E8F9A-1830-4C3A-8377-8F2543C4F751}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7BD1D9E7-C515-425F-A3B7-4260669EA582}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7BF546F2-1032-4204-A56F-26B46B3EE851}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7C0781D0-F99F-4083-94DB-3FC2736E6485}
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 6th, 2010, 10:02 pm

Part 2

!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7C39B103-2645-43B0-AEB4-6D0B636E8322}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7C740C64-7CF6-4F86-93FD-8CAD1D2E36AD}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7CD2CA60-5364-470C-8BD0-44CEBA075631}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7D1248C3-78DA-458C-9186-C48166088303}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7D47D401-2A6D-48CD-8B03-DE376AB32EF5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7DD3BA85-2624-4C22-A14F-9E72FFACD81F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7E08056D-EA21-44A2-904A-75225E4A523B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7E2DE8E8-C5A5-4697-AD93-6C90085D264A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7E4EC4E1-7B6C-41A3-BA46-BCCF7BC6908A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7E8A1FE9-F51D-4B92-A81B-E45ADE85D490}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7EB79114-2C5C-4A7C-BEA6-3484A35DC643}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7EDD714B-75E0-4AE3-A865-34AF1A22FB70}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7F3CD446-6402-43D4-97D5-BE6618B86527}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7F8B9D8F-9197-40DF-A88E-228241753067}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7F9D0769-EC73-4B45-880C-DE2C57835E1A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7FBB3EFE-C562-4362-9FD3-E8A200124752}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{7FBD33FB-1E8F-4137-B02C-B7559A0F2242}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{80423DD2-1DDB-4007-B5DF-548FFB3012D1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8042AAC1-EE3E-41A8-9664-9F5C87996396}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8118CBD3-B866-4876-BC6A-FB88B8FC4361}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{816AF800-1AB8-4E15-A855-487D6A6AC171}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{81A35581-9244-439E-8BDB-51E6D1E00D9E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{824026C0-B516-4224-BD85-B60FAB0BEB2E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{82704C45-544D-4B2D-9F49-AFC4D45013D8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8288E76C-5069-4F6E-A329-E059DF57E12A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{829962E8-8784-4A64-B771-FEAC6140D830}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{83412AFA-7678-45E3-9D19-ECE4606D97F1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{83494864-B1A4-49B0-8279-FB898BC3E579}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{834FE83D-7583-43C2-9EAB-63BB20A968A1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{83538DE0-4A79-48E7-8749-1D987C9F8AEE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{83A2DF6F-8B1D-4785-9C67-2E9D936CBEDD}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{83B4CE47-A268-430D-9B11-FCC3BA35948E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{83E70DD3-AF0A-404B-B077-F1C2FDA2F6C8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8480114C-EB70-4CB5-B475-4E7B391777F5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{84DA748D-2180-45E0-A7D1-71BBB341EAE6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{84E6D7D8-C97D-4993-ACD5-7257F215FC2A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{850650D0-E6DE-466B-B98B-39DBFEFB1858}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{850DF1EB-D518-47A7-A49C-89429C439F2A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{850EC324-5AEF-48F6-B53C-D5C867ED81EA}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8572FAE9-5E61-49C6-ABC8-0F1FCAC07116}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{85AAB862-B857-43B4-A001-0C9A4890F986}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{85DED99C-76E7-4AD5-92EF-F0CB0EBCF971}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8682BAB3-E060-4279-953A-66DC1E56BAC5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{86837F2D-71C9-4BFB-9B54-27841D359A12}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{86EBA821-4D7D-41BD-BECB-F8A15E328AD2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{87223CD5-B446-4562-A1A1-9F04855569F1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8782493A-4315-4DB1-A0B0-DFBF0B72C335}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{878429E0-76B1-4397-ABD4-0CD8D96CD146}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{87B01C99-46E6-44A8-93AE-1BD78A5410FE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8818D2C5-C53B-404C-9BB4-122C27E6ED14}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{88B03C0E-3D1D-4361-82CF-7CD8124AC276}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{88D2F303-D1BE-4E53-8FCF-688F670135DB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{88E8E183-C44D-43C3-8F36-EA597BCBE745}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{895B6872-59EC-41DB-8403-69835B17E58D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{895BC3FC-F999-4D71-96D2-76F6BD48EB3E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{896AF2F2-156A-431B-B2E7-5A45EFF39F40}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{896C00D1-C07B-4152-950D-AA87EB80D6A7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8994F1CA-6930-40D4-AA3C-9D70DC0195CC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{89A956AB-E5DB-455E-A896-EFFA56435D08}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{89AA0C17-51E6-4FED-B444-5DF5FD52F2C8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{89ED9DE2-6268-4CBF-983F-D66BE306B945}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{89F31AEB-09EE-48A4-8613-7BE620C876AE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{89FD52E6-3125-4A89-BD7E-D531831DD597}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8A20522E-0235-4F41-9FF2-F7A5AF641820}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8A389B0E-F541-413E-B2A5-68274FFCF874}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8A5425B2-B5F1-4D05-ADE9-4CE4FB382C19}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8A95104B-EFB3-4C1C-83C7-DBDA934FECC5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8AEA32AA-2B8F-41E4-ABAD-845DF7645595}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8B280045-3199-41B6-9172-7A1F009861D3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8B48CF72-CF6B-4DC0-ADB2-C4959744AA78}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8BA9B85C-4FD3-4CFE-A567-9A798198FB0A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8BACCDE7-0E50-459D-A46D-D93C1E7DABE0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8C1C8241-DC0C-4AE2-BE8D-D29B4096504C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8C21593A-0EF4-4F61-BD77-14CEEC3BE730}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8C59958C-A11B-49A1-AFE1-13420EC78793}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8C9A3280-23D6-4E00-A423-AE9290C84907}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8CAE275F-B12D-417A-81AD-C28D977728D2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8D45F97A-9A5D-433D-81D9-D9FE9C5F898C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8D5B6D0C-C60B-4E94-8334-2ACBE5F2FE34}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8DFDF613-D4BE-4446-B4A4-543C1628E351}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8DFEEC2C-8ADB-4A5D-9E1A-6B99AC7899C9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8E0679CB-4850-41D3-8AB5-389A0DEB75D4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8E0C4720-49BE-42BE-8B0B-3541DCAE481F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8E331598-DD89-4B77-86C5-75AD2D4B9F1E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8FAB4C77-ED1B-4D11-9368-6F4D712A994C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{8FE1473A-14A1-4094-AEB4-5A5159888E2A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{90124A79-503B-465E-984F-3AC1EF557561}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{905E06AE-FCAE-4374-B874-81C74FBD4E67}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{90EF4009-F7DC-4808-8BFF-832BAECD4989}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{915455E8-3E0D-4B59-8A04-FD400A086DEC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{91A5C49D-DD35-4A57-8A67-47F71CE367CE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{91B77E9C-EFAE-435F-9ED4-5A2C7264BE8C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{91D88356-93F0-4A3A-B047-47DB4157D15A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9210D13B-7066-459B-ABD8-BCF2B7FB5FDF}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{925C88B9-DE8A-47B6-BF98-29DDD78DB105}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9293714A-F62C-4E0C-BC65-A4E57AF67FA2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9314725B-C117-4EED-B9C5-19238C41C6B1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{93530740-338D-42C1-9E91-E43AC0AC08FE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9371CAEC-24F8-471F-B550-988CE4659CB7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{93726D84-8B7A-49CA-AB89-4EE3315D133E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9381EC17-F42D-494E-87E8-566D1900ADBC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{938805EE-B90A-44C8-9624-07A1FD68E7EE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{94115242-78C7-4F36-A30B-BEC6A1958A49}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{94A3620E-D8B0-40D9-8560-54FA8634D872}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{950B3F3E-586A-4D21-B1B5-0CD3BBA8760E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{955B8CF3-5F08-42D6-9E60-7BA87FA6206F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{958FE629-1A3D-4B30-957C-F5BA6CC6B06F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{95C67B28-0306-46B8-BA85-2D2BD3DEEEC6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9616554F-2003-414C-81F3-BF2D2E45B9D3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{965C30CE-021C-4822-9142-6D9120A68D0C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9762BD9D-EF9C-4E9F-92DD-DA0F1AD5E6B5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{976AC2A0-6B0A-4BE5-85A1-8923BAB6A9CC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{979A5068-73C2-4732-AC32-41937AC17CB3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{97A80FA1-3F2D-47C5-AD5B-799FBDBEC09B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{97BD9CE3-8BA8-49B8-A431-D37F0ACD2D85}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{97D165B7-A790-4CB3-A400-E22F0721D0C0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{985E7EBD-11DC-4FF0-B2AB-507A61C9BF30}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{98CC666F-10AF-41EB-A436-2A75ABEF284C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{98D4B5DA-92B5-4F5B-B8DC-E37096F85CBE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{98EBFED5-C9C2-449B-A518-A1A94EED16ED}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9A05D9EC-2CF8-4DBA-B7BA-68800928BEDA}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9A122124-B536-4B01-B0C0-17173F72C598}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9A22E446-373E-4B64-B491-734BB6338239}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9A7D5319-09E6-45F4-95D7-496E14A62724}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9ABB6039-83A9-4483-B3A1-6B9B810A20C9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9AC357ED-F072-43FE-AB2B-AEC35A84861D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9AC62AEF-0E41-4F09-ADCF-0D49CDFB3FB4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9B788112-6147-48CB-BFE9-3F33F6F52560}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9BB410AF-BCA2-48F6-97A2-4E0CCB7451C2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9BEAD836-B77E-4A9A-9726-4646248771F4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9C1E425F-9B43-4775-96A9-138C2D145A13}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9C59EABB-DD36-4FDF-870E-7D27AD6B915C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9C893DA4-35C0-4437-A2DD-449161169E32}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9D11D165-A8C6-487D-9CE4-7B8394C17BC4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9D14CAAE-964F-4025-8ECA-FB6E0AA2B2E7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9D718F0D-F8F2-4793-92E2-E03123F4408B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9DA83493-17B2-4EDB-80D8-E8DFF31D2F25}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9DFDCC55-B380-42C5-8822-1BCBCFBCB4C1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9E7A76A8-0EA2-48F5-BD90-62EE80D7A01F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9E9F8B9E-35DE-45FF-98C1-A7F9F77AAC4F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9F0188CB-C0E8-4FE0-B810-2557A1192FFE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9F05F65D-D7E2-4678-B487-617F18BD68EC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9F0EF61B-143A-4E8A-AC6C-BC7F5B9EB844}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9F98B9DF-DAA6-419B-AAEC-0808CCD0E933}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{9F9DC9B5-325E-47F7-8EF5-ADC7D027AAB7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A01DA995-65A1-4426-B0C5-2A87FA473DB5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A03D35BA-32F4-4B21-919A-A166EB20F275}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A07F7D38-0C6D-4A76-8EA6-7D084E5A0F57}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A08C7FEF-0C50-40BF-9095-BC86D127B46B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A0AEB1FB-151C-463E-AADC-B20D80DA6F33}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A12DECDB-C734-4386-A4A1-7779FE896895}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A16B8CB2-1F93-4AF7-944A-A14A7702CCE1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A1B77AAC-73B3-4724-BB11-0040FEB620F0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A1CCADC3-953E-42D7-A3BE-DCDA4D92EC77}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A1D40C59-5F5A-4B93-969B-249FB82D2C92}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A1F93144-AF26-46A9-9EC8-5C7E9AADD500}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A265E454-33E7-47F6-B49E-7430D35B9467}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A2CE6E03-B980-4448-AD3D-935FF5154D50}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A3093FF5-E1F5-42CB-8DA5-B5E7AC8533A8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A321031A-A0A1-47BB-8891-BBF63275FA58}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A38606C2-2FFB-4201-9B98-5E980EDCFE36}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A3A6FDDC-4655-4F34-BACF-7DB666D640BE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A3FDC0E8-FD1E-410A-B002-182ADAAB1D9C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A3FE7AE2-3B9F-471F-AA1C-797745CF1953}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A4852067-0652-495B-9563-71E65CACB396}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A4BCD27A-9515-411A-99E6-D909D8BDCAF6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A4C926BA-3DD2-4DFF-80D6-E509C989A9D0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A4CAB23F-9BEF-4C3A-A18C-7EE014FDFD63}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A533D989-D685-429E-81F7-58BE461903CC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A57F9CB2-0239-423F-9F2F-4F2D9FD15B7A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A5BFFB09-2114-49B0-A056-FBBB3C40BF45}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A5E9FAB0-0093-42CC-A277-5D8C65BC7F01}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A5FDD301-C2BA-4F34-9E97-31C09B884903}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A6030194-26E5-4674-ACCE-F6767BC882AC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A62FA17C-C31C-4A5F-A3A7-5CAAE8A2C204}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A63A5219-0C48-43A2-A856-A239EFC70AB7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A6C0BCD1-9CCB-4207-BE8A-29F7E3930034}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A6C4DADC-6177-49DE-822E-F912171568C2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A72E8088-4D01-4B36-BC2D-41491C44A112}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A75C205D-92B0-4711-B2B4-B1D2BF8C9235}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A82A4FBB-8BBF-44E0-A2E3-BF55893C79DB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A84823F6-AF1F-41C3-840E-BC5A12E1AF04}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A84ADA4F-B429-454B-9A86-AED7EA932851}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A84C2733-83B6-4A5D-904F-BCC671721F10}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A8518488-972C-4EDA-A3EF-516F965C95DD}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A8BCD5B7-AD48-4B58-93BF-50A5996E1D00}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A8BD6C30-8062-4935-AA22-65AE8064F208}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A8DB1295-2272-4585-B1F0-EA3236335942}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A8F37CB8-F06D-4A50-86C4-78063E7C94CD}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A957CE51-2653-4E29-AFC4-002B2E692498}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A9A0067C-FE5E-40C6-AC89-D199D510D5FB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{A9B11572-E393-438B-B400-0A2737973BA2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AA0CB207-20A1-41E6-AE70-451E1BC24EC7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AA2EB7F7-AB62-46E0-9EDF-E6C1D8521C46}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AA6FBBC7-4600-47BD-A4BF-425D8678A3D1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AAAC7ECE-B7EA-4D8E-A76F-72BA83F0C246}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AAB46DDC-5EEA-4749-8F28-2446A2317269}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AAC1CDD4-CDC0-4916-AED7-3B38049222A4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AAFFADF6-95A1-42C1-8F1F-A02F1144B74A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{ABD14E07-B53E-48BD-B020-BA68E146D174}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AC12C18E-BE88-4462-8C0A-8372862A71AB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AC621BB4-3589-4F3E-B2BE-4E8A91F38C09}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AD90977D-3739-4063-90EE-6B6C10601A54}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AE5E3236-BCC0-4109-A3BD-91E395D4CF19}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AE5F3958-616C-4F97-A324-C8A3A8AC8CD6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AE6BABDA-7B81-450D-81BA-025D6EEC6340}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AE71D605-8D20-4934-95F1-FEDFBD3C6383}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AECBC9A7-1651-464D-8004-8FC6DAC797B7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AEE6F43E-F184-41CC-BF51-5688256CF5CF}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AF1A549F-4ECA-47DA-A7DE-D1C6D3E2478B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AF2B59BC-59B2-4961-99A4-91A4FF7FE9C4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AF8067D3-28ED-4EAB-92D0-AB3EEC2CD919}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{AFF3B93A-97D1-4569-8791-E5CD9EB284A8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B0A7F6DD-6FC0-42C9-B986-E07F1E20DEA2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B0A9D75F-4C38-455F-A643-401A3E7F2B27}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B0CA4D5D-A5DB-43BA-B4A7-49BCCE30C6A4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B0D6477D-056A-4022-A306-48642341F4D8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B0F32E13-E3A8-4C78-BF45-DC312632410F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B0FFE6D5-9CB6-42D9-B35C-ABE66973A70E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B15F908D-AA2B-449A-88F7-35DF458E15E4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B1BA64D4-1A87-49C8-ADAB-70355828E816}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B20DC777-4A85-4DE0-96CC-2E61BA8410F2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B2112104-2FFA-413A-8351-28353731D919}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B211F57F-462C-4934-A6F8-D8A96141221F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B2293490-F390-428C-8D40-3A51C5296523}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B22B8097-FFAA-45FD-820E-BD0E0DDB27A1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B2791DC8-179A-4F57-B7EA-632C6A197DFB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B2B380D0-E97E-494D-B2C0-C59EEA3C60B7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B335C5C1-B0DE-4E98-B490-CCD30B1E7438}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B401FD49-5036-4B91-92D8-4F9829E4A44F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B4B247AB-29C2-4F32-8910-F0682179CC36}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B548D8CE-37D2-4A3D-905D-AA22247C53BD}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B5BC6777-DEF7-4A5E-A46C-F8C2A9A0ED78}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B6835AA2-F567-49A7-883C-4EA1AD358D5B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B6F645CA-471D-4647-968D-2F5BE724E0B9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B739FF0F-BF5A-44E5-8B22-51010D30762D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B7633DA0-553D-4548-8B9C-2950C27F3639}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B7AAF049-BB9B-4751-A2A4-7CD4BBA8C366}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B7C47979-5FB0-469F-B1B6-B08691290060}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B7D09622-4A1F-4F83-88C8-E01A90F23815}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B7D6D130-D0EC-45BF-8240-2F9738C04312}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B83D6890-9A65-4921-9AFF-54E2BD264F61}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B86C388F-44E2-48A8-A123-72837B2F43E7}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B877FAB7-7339-4403-AD8C-3E03534B35D9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B8ED16E5-42A7-494B-AE0A-EAE9956F796E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B927F89B-3E69-4A3E-B7CA-18A555D144D6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B9351C8F-8205-465E-BFE8-3DA225AE9357}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B9764944-E4D2-4758-A044-A518635C8BD1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B9C239D8-6576-40E9-A787-643DA1A0208F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B9C8CB59-1558-4EE3-9188-3F390C5B50DD}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{B9F5EAA5-D3E1-4D09-9CBC-25E5FF8BD049}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BA456E18-A196-4CB3-A587-E50262F8E588}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BA640F24-2115-4707-9BC6-1C0D192E8D13}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BA7F61CB-0697-4B4D-A6B1-163F09335F02}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BA7FFD5F-84AF-4720-A162-11AC9047EDB0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BA9A7A7F-B041-40DF-A3DD-CEA16D6ECA84}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BAF496CF-79E4-41E1-B75F-85A2DDED7BF1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BB388B6C-D1D2-40D4-8578-2F5EADA22504}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BB3DD049-8FDF-4568-99EA-9AFE8E43A86E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BBE35CD3-03A3-4AE4-9E71-2F1B36E9ECB2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BC1A1BE2-EC24-47E7-9E00-948A00A7F3CF}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BCBF950F-0991-4470-95E7-A2BA128526EE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BCE349C1-46A7-465E-ACFF-0D155B946B70}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BCF1BB77-80E4-4FB9-8F5C-C2E9A033FC79}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BD0D3A5A-7775-4CF8-9235-45D10081BB1D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BD151153-A01D-483B-9CA3-EE16C61DEFEF}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BD227E56-1CA7-4D3D-8F26-77326565986A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BDFF8797-6DD6-44F1-970B-037CECCF90F5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BE3F349D-741F-4C35-B4D0-C798E247014E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BF83C348-9714-4CCD-8343-30A2C0A136ED}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BF896271-178A-4B3A-B3E5-B5BE02C44BE1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{BFF7592D-5D37-40FD-ACF9-B4F80094F1DC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C03C5781-1635-4C61-BD70-18496F5914FF}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C06E23DE-BCB4-4201-B114-521897E21C14}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C0B6CDC6-276C-4710-A25D-A3E3F3404451}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C0EF07D2-6B8E-491D-A963-ED63D0AB4DC5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C1B8AB0E-38B3-4104-8BB3-96D61C875F68}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C1D6D0C7-54DF-4950-A6A4-0CFE87F796C2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C209556B-9431-4037-A40D-8BAECC1D6B6A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C3387E8B-16F4-4A21-A901-058257FF3E8D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C34587A8-98C5-4802-8D29-C4FAD5514F32}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C373C8C4-2237-4F29-B062-63368773E1A3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C37DACFF-008E-4FF2-B30F-CFBD9F37E08E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C3936066-BE6E-4B0A-9077-2D1640C41951}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C3BDAEBA-2B46-4292-8F41-5449693F210D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C4086C2F-DD2E-4C98-98FF-04CCA995D55D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C436FA69-0C5D-44C7-B5B2-AC38A4A2E777}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C46BEE5F-E942-482B-A0B9-00A609DA43D6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C477498C-2002-4FA1-A975-50A51E48892C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C551F2FA-8D0A-4466-A1BB-CA053272CD27}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C55616F6-F0BF-4CCC-8B40-6E5B081D8609}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C59BB6C3-83AF-412D-BE49-835489E13F90}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C5BCE3D0-5C6C-4913-BEF2-3D5EF0097BA9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C606D592-C77B-43AF-94F8-8318112B9388}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C63290DA-C714-44B1-9F4A-6AA19B94373D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C639DE7E-1EE1-447C-9BCE-BB86C912FE2B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C6A5B00D-9522-463B-AF14-D1846F9F1E1B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C6C570E6-BD12-4E02-B6A2-44D3E0F47CF9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C7247B12-D4DF-4A3C-A5DB-34705F0EC186}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C7A59063-83CD-41B8-9DE6-2F16EA65D697}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C7E4B668-22C1-4B14-9DEA-8DA142B22135}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C80FCDAE-54DA-411B-9AC4-754E8DB31AF3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C86B5FE1-F279-43C8-B3CD-74A87B497BAB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C9313EAE-8874-421D-8C23-0F0DCD01D684}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C9CB67BC-5804-4DA2-9478-ED47AACC42A2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{C9F24E29-C4BE-4883-B28E-2C5F538C8BE1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CA133852-9737-43CC-8255-0CD09C146965}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CA31EF55-87F7-4302-BFA7-6DD2D90A1CC4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CA69C074-D536-4543-B391-123AF4851A5E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CA90641A-FE8E-461A-B332-27FD3763FE3F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CA920112-B675-4CDD-8BC3-1FE0C1CA78E8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CADDB69C-CCF4-4426-A609-27825F5649A9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CAFB4629-D67E-4F01-ACF9-349181BB6EDA}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CB5B2194-9D0A-4790-89AF-4815695A0D1C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CBE9B3BD-F407-416A-914D-3A6C70035E95}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CBF967A5-76C0-47EE-B0CF-AA56237BA010}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CBFEF0F5-CB6B-4AE8-AAF8-73E47AC43381}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CC018979-9ACD-41B2-A5C2-C958CF8C641B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CC51FC14-1591-49B9-90B1-B1DFE7BB5683}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CCA08E68-5C8A-474A-8A8F-813BCE744AB3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CD7AB6AA-C46D-4D7E-AEDB-3E9EC5BC8791}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CDD0AA82-7352-4C6E-9B36-3B0F93517B83}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CDD6A242-FFCE-4650-8A27-412C206C1483}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CDD861B3-762E-4208-9FE7-5B4F985DB8F6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CDE24C3B-8CCA-4C4D-8C3E-204F33AEF028}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CE73EA17-A446-4AF4-B2CA-87168C0CBCC6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CEC7B28F-B399-44E6-93B6-A2ABF5017783}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CF5C15A7-DD26-4EF3-905B-577B65438A7C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CF60C6DB-A5C5-45EB-9314-F8A34CA4A963}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CF87C13E-4B9B-4E90-AC62-2F5425F0F7E2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CF95BF6D-C467-4396-B4F5-BFBC51FA5B73}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CF973001-2749-41BE-9261-A2220ECECBC1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CFAF7E14-A1F0-4F8E-A770-777172683888}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CFDB4F7D-AE8E-4380-B566-730EAACCFB9A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{CFE08768-9731-4009-920E-C70798233AC0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D03E195A-C236-4361-97FC-E8B0E997847C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D0467CE2-338B-466B-8FF2-E9ADB6030C23}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D087C00B-FFD9-4A25-A1ED-0DE094A19DF0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D0AAB1A4-6F7A-48A4-BFDD-64C9B59A47EB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D0AEEB26-9E39-40F2-A093-DD1A68838AE3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D0EA0E32-825F-419B-8C81-CF6FAEF8FA24}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D16C48F0-EF1A-4148-8331-F6725E6FE254}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D17C0CB6-C8ED-45A2-B4C5-02E6BA40FE18}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D211D38A-A8F8-4E91-8CE1-DDCC43E94B98}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D2968D64-24C9-4F24-ADF1-5F1F5C7B3B5F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D2E331B3-14AD-4BF2-9E52-3F2CDC655782}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D316571E-54B5-4D88-B8CB-FE5A8787EE39}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D3780492-E987-4E33-B173-F6D8F1C4698A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D3FFA8BD-845E-4D73-893A-FDE38B1BB8F5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D491B6E1-653C-4455-8DE7-2E8E9C106211}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D4D1C16B-B289-4A8E-B010-D815D7B99469}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D4EC6D7F-7221-4085-B542-C4EA662B7DA1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D5C5ACA6-A71B-4E1C-A53D-A5F1D224F668}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D67718AF-1C59-444B-B9BA-A671EC6EFDBE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D678555E-A4CE-4974-944E-4E2AD494269B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D694C23C-FCF5-48D5-9782-6AF38817B61E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D6A687AE-0111-4B09-943C-748A98660F88}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D7090D60-E5DE-423E-81AA-7BB0856B7C73}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D7A41514-34BE-4419-BE6E-F2D2AA5B771C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D7A69850-1EBF-4E8A-88FD-A39431E34E65}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D805BF13-589F-45D7-BF4F-23881BB9F63E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D81944A0-9E84-406A-B4F7-DFD9770AF24C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D842A015-B488-4F57-A43A-424C2F8364C5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D847C576-CC77-4616-B02D-D9D74AB5FF83}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D8EF38DE-E77D-46BF-8271-9DC884F62FFB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{D92774AF-ECA8-4AC0-BF85-37E97A7BA66F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DA76F497-3082-4F5A-82BA-6E5CB96DC37C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DAD1112E-D0EA-41B7-AB70-D9533EC56E12}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DAF8FA0B-F669-4179-975F-427007770600}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DAF96F95-DD37-44D4-8790-B1F0BA817F49}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DB245D70-54E0-43A8-9B5E-1F1932C9726A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DB69DC9F-1FE3-466E-B07F-406BC725C2C1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DBC6B8F4-E1F5-4CB6-A06E-E61CA2027B63}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DC584F9F-D0BB-4C99-9568-504982387C6C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DC818A6D-C6D8-46A1-AE47-66ACCA8D8F5C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DC9DF4DB-E385-40A1-AA8C-45149652F92D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DCDCDA31-BEF0-4C21-A4BD-2F0D80A6845B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DD29B41E-AC1B-4C2C-84CC-0970A22A82A3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DD810203-8D22-4BB8-AE02-18093F385DB0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DE24CA6A-C2E6-47F1-BC89-D398EFFACF86}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DE34C703-3548-440B-A91B-A51B7331E8AA}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DF0B6B05-D487-4691-8A5F-49FF0308F8A2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DF1EA3A2-217A-4E49-BE6C-A9002F9D21B9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DF7924EA-9224-444E-8D50-4644B3BBF130}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{DF85A0D9-485C-46BF-B22B-FD31622FFCB8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E0139139-3BD1-446A-B004-1406404E62AF}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E03C5482-564A-485C-B88D-D0796D1CCCBD}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E07FE383-9D3F-42EF-9D38-4F63BFF017FA}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E08D79D1-37A8-4707-BE93-3B7559F3D891}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E12C3CAB-D3BE-440D-873F-DC9243A9225E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E1627218-05E5-45C2-9A5E-366058842197}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E1795EA8-DD60-42F8-84A7-DFD9528B822A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E18BC435-ABB3-427F-AB0F-0311B364A7C3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E19AF6F9-E709-407E-88B8-17CA960CC2E6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E1B5A154-EDB0-405F-A4BB-518472E5F8A6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E21D9D17-99F1-487D-9DBE-823E26CA8F2B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E2854C76-6593-49AC-B1F6-BE98357C17EB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E289FF70-A880-4B70-AE2F-CFC8580BAC37}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E2AE49D4-C4C2-4F56-8DD8-9AF9D9C008EA}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E2AE9E62-B3EC-4C84-BE26-66450026A7C8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E2FBB654-F376-45B5-80E9-570C3B43E672}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E4288785-3F89-4084-8F91-346F45126C60}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E507562C-01CC-4CF2-B54A-8140B522A414}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E53A33CB-C4D7-40B3-AB42-EA4374093E49}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E55DF84A-E1F1-4B8C-B10C-6E7958441E24}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E590606C-2FFB-4CBA-A0D1-54CC76DA3E7D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E5A8997E-C588-431D-8949-A3C3EE45F48C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E5C14137-7C82-4174-9A99-B1BF2FD9FBC1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E608D1DC-5CE5-4AA5-9106-4B9EE1EF09C4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E6EE1082-5FF7-4639-9375-9D0A6A0C7C46}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E7EA1229-E3AF-48FB-A383-9BE92A7635A4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E81BEFCC-09FD-4264-92D8-EB385294778D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E83008CB-96D1-43BA-8D34-308EA531D15A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E87AAFA2-F8A2-4478-9A83-9D02C3487CC5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E8982068-98CA-4D05-9A3A-735C98212C7E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E8AB8105-D045-4891-B9AD-3691D4713524}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E8B8FEFA-8912-4766-A65A-12462CC2ACF0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E8CEFC08-F483-41B5-B1A3-59612A4C8A41}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E8F88AF6-CD5B-46F0-B5C8-A66077F49CF3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E9027E95-144A-4D09-9925-28FD974DEE68}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E9105182-0587-4656-85AF-21223E8B702D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E922447D-1F5B-4B5D-A2DF-EAF1978A4784}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E923F042-14FE-400A-8CC6-340E75ECA434}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E94D2F1A-7046-497E-9BA1-3CCFC347AF44}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{E9F50929-730C-415C-A7A2-B1E4ED167ACB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EA60910A-FE8F-488A-A15F-08869B56CE9B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EA86C1C6-C653-4C35-96E8-B5092413C7C4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EA92A8B0-D39D-4A1A-96A1-E1BB072413AE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EB18A51F-F7E5-4D2E-9F0D-C97848601554}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EB59B48D-5325-49B0-A457-EA6B597246C0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EB6AD867-9E24-46D4-AF46-BFF4B23875A1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EB9BB88B-A970-41C8-B54E-5267645C23FB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EBE98EA2-742D-4790-B50C-F4EDF14A3281}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EBEE1C16-CC39-492A-B971-5F07AA17F413}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EC0961A0-476D-4EC7-9960-E00D1F9F2CA8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EC0DFD20-EE16-4E57-B7C4-37197A7BCDE0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{ECDE4E68-D636-41E9-AAB5-77EB3CEC8183}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{ED957794-CE19-49AA-A1B7-EF22EF64A404}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EDE73E06-D397-45A8-AEC0-3078C223ED39}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EDEE3445-8682-4F39-9F72-82B64C1A7642}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EDF044FF-BB3E-4584-87F6-0107E652FF04}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EE4A17F6-575C-421D-A9FA-3205C541B5DC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EE7A4884-40DB-46E4-846F-A26977D93147}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EEE4F7F8-6DD1-4F01-97B0-61FAE8938648}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EF0F5101-3911-4D7B-87B8-CE56F4230328}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EF2A9ED2-4E11-4377-B85B-B4DDA27AAE40}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EF75EADE-15EF-4037-AEBC-C236CEEE85BC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EFB35D5D-AE41-42D1-A06E-035B9B996531}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EFEA13F3-D01E-4774-904C-B3A0E38E03C9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{EFFB4190-2E19-4198-9C61-DFE30A6B24AE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F02A91B7-9930-431B-9105-5EB3626AF04F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F0686B75-2DEF-4E18-A367-2858BFDE0424}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F068790A-D82E-4AB4-B6DB-A12CAC74443B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F0CC0DDC-CE36-4C87-9A1B-60B4F3EFCAF0}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F0D748D3-50D2-41B0-8D77-14B7B3C9AC46}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F0EEFE1F-175F-4EC9-A104-1FD9302126D2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F0F67838-ECE7-4233-B4B9-0607B3E1E407}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F1053B93-6BCC-4137-908D-535CBC747DC4}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F143E4C7-4E11-4F84-967F-870AED3002BE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F1467C07-2418-4147-A44D-A087755F3368}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F1A558C6-C152-4C86-A852-BC29E75456F8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F20FED10-3AEE-4172-881A-BE4AE3F94452}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F22216D9-2E20-4EF5-B7CB-F4933C06AEB5}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F2628661-E831-4388-A4A8-87F715ED6F9A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F26F6733-5E5A-447C-A5C1-4A07016018B2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F2A98262-3633-4E2B-9777-4F35D968C7E3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F3980413-ACEF-4BCD-8BDA-09355952DF63}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F3AB9940-E3F5-4FD6-BBC8-6E773C1BC8FB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F448D422-6A11-4F73-855D-EE4C8EF61914}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F4675E44-47C0-459D-B9E4-02F31D2FC52C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F46793AA-9A02-45CB-B695-CEA3F5690929}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F490A3F2-E5FF-42BE-BBD9-E87A3BD4036B}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F4D0CBFE-049D-4164-AE41-139F94A1AA90}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F4DB087C-B233-4CA5-AB61-1B16D38AECC6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F4E42028-3E96-44F4-BCE9-DC8EE6D07219}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F4E6AED5-C7CD-4E54-B3DC-82D16CFF0E4D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F5484D19-9D03-418C-873D-52B6BA2A4DCB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F5705CE2-291A-40C4-9584-813BA9C01B83}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F58084F7-53AC-4D4D-84F2-8958CB52AFE8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F5C7AE10-5332-4C17-A11C-CFB52E0D6162}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F607806A-EFE7-46C4-91D7-CF20E445D035}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F629F768-A855-45E4-9467-E9CBBE678383}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F6B7D24F-2211-4607-96BD-7BE4B019D84F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F6C8A84F-8692-467A-85D7-5BFBBB147053}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F6DB50C3-6974-412F-AF3C-2186B54CFAFC}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F7009DDF-B983-4A87-9C00-BE58997FE72F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F7FB847C-4E5E-4C37-B4EF-FE627B39A4B1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F850A043-9431-4C1E-AA93-D78F9E13C82C}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F92131CD-F311-4698-A52D-1417FC490A47}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F9846656-97C2-4761-A588-A740F4EF324F}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{F99D086F-FD34-4B53-945B-116988B5B8FB}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FA47D450-B759-423A-B622-60767122CD40}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FAA2FEEA-B92C-434E-BBBB-249D8362BFD9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FACAF352-B10B-4EE6-97AF-9D7123779ED9}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FACF966D-4F9E-4EC0-9A9D-F1F3707435FD}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FB29465E-DF99-48EC-8583-EBFF34C2345A}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FB45F109-C772-4DDB-9CC8-E750A7274822}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FB5F811B-2D81-450C-ACD1-2EF7DFA9C80D}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FB68B3F3-A461-4BD6-BC44-42400E0992E2}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FC165CFB-CBE5-4A27-B267-D290BD12CD3E}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FC275AFE-E1B6-4887-A831-8E5A44B387B3}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FC556FF6-CBEA-43FE-9612-A3119D4882F6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FC927902-B51B-4F0B-AF1B-9D4A7F4EB757}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FC9A8EEF-74DF-48B1-BA19-6AA1BA5E6BC1}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FCDE27CE-EFE8-4157-91DA-5ED8767047BE}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FD4075DE-B329-443E-9A27-2AE154532390}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FE34B5E1-CF24-4413-991D-8A8CF917ABD8}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FE4092FD-BDE5-4579-AC28-D3F8235FE6BF}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FF01DFAC-A4D4-449A-83A5-CA665691E901}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FFB36F5B-6456-42C1-A3C8-A09871136EC6}
!-->[Hidden] C:\ProgramData\Symantec\SavSubEng\{FFE2B845-1066-4C4B-BD1E-2C6680704700}
!-->[Hidden] C:\ProgramData\Symantec\SRTSP\Quarantine\APB3AF500C.tmp
!-->[Hidden] C:\ProgramData\Symantec\SRTSP\Quarantine\APCFEA3427.tmp
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800000\4DD582CA.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800001\4DD582D2.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800002\4DD582D7.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800003\4DD582DA.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800004\4DD5830C.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800005\4DD5832D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800006\4DD58339.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800007\4DD5834A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800008\4DD58357.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800009\4DD5835B.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80000A\4DD58369.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80000B\4DD58370.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80000C\4DD58377.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80000D\4DD5839E.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80000E\4DD583A9.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80000F\4DD583AD.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800010\4DD583BE.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800011\4DD583CE.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800012\4DD583D2.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800013\4DD583D6.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800014\4DD583EB.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800015\4DD583FA.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800016\4DD583FC.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800017\4DD583FE.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800018\4DD58415.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800019\4DD58417.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80001A\4DD5841D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80001B\4DD58420.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80001C\4DD58422.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80001D\4DD58427.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80001E\4DD58429.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80001F\4DD58430.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800020\4DD58432.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800021\4DD58435.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800022\4DD5843A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800023\4DD5843D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800024\4DD58440.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800025\4DD58442.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800026\4DD58445.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800027\4DD58448.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800028\4DD58450.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800029\4DD58453.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80002A\4DD58459.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80002B\4DD5845B.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80002C\4DD5845D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80002D\4DD58463.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80002E\4DD58465.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80002F\4DD58467.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800030\4DD5846B.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800031\4DD5846D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800032\4DD5846F.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800033\4DD58477.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800034\4DD58479.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800035\4DD5847F.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800036\4DD58489.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800037\4DD5848C.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800038\4DD58490.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800039\4DD5849C.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80003A\4DD584A3.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80003B\4DD584A6.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80003C\4DD584AA.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80003D\4DD584CD.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80003E\4DD584D3.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80003F\4DD584D8.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800040\4DD584DE.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800041\4DD584E1.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800042\4DD584E5.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800043\4DD584E8.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800044\4DD584EA.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800045\4DD584F0.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800046\4DD584F5.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800047\4DD584F8.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800048\4DD584FA.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800049\4DD584FE.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80004A\4DD58501.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80004B\4DD58504.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80004C\4DD58508.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80004D\4DD58511.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80004E\4DD58515.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80004F\4DD58518.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800050\4DD58520.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800051\4DD58523.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800052\4DD58526.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800053\4DD5852B.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800054\4DD58530.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800055\4DD58535.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800056\4DD58539.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800057\4DD5853D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800058\4DD58544.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800059\4DD58548.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80005A\4DD5854A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80005B\4DD5854D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80005C\4DD58554.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80005D\4DD58556.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80005E\4DD58559.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80005F\4DD5855C.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800060\4DD5855E.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800061\4DD58566.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800062\4DD5856A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800063\4DD58576.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800064\4DD5857C.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800065\4DD58580.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800066\4DD58583.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800067\4DD5858A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800068\4DD5858D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800069\4DD58594.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80006A\4DD58599.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80006B\4DD585A0.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80006C\4DD585A6.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80006D\4DD585A9.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80006E\4DD585B6.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80006F\4DD585C0.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800070\4DD585C4.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800071\4DD58611.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800072\4DD58615.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800073\4DD5862B.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800074\4DD58637.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800075\4DD5863D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800076\4DD58643.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800077\4DD58651.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800078\4DD58655.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800079\4DD5865F.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80007A\4DD58666.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80007B\4DD5866D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80007C\4DD58673.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80007D\4DD58677.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80007E\4DD5867D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80007F\4DD58683.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800080\4DD58691.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800081\4DD58696.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800082\4DD5869A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800083\4DD5869E.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800084\4DD586A4.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800085\4DD586AA.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800086\4DD586AE.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800087\4DD586B1.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800088\4DD586B5.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800089\4DD586B9.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80008A\4DD586BE.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80008B\4DD586C3.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80008C\4DD586C7.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80008D\4DD586CB.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80008E\4DD586CE.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80008F\4DD586D6.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800090\4DD586DA.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800091\4DD586DE.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800092\4DD586E0.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800093\4DD586E3.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800094\4DD586E6.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800095\4DD586E9.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800096\4DD586ED.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800097\4DD586F0.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800098\4DD586F2.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800099\4DD586F5.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80009A\4DD586F8.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80009B\4DD586FA.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80009C\4DD586FF.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80009D\4DD58701.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80009E\4DD58704.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80009F\4DD5872C.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000A0\4DD5872F.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000A1\4DD58737.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000A2\4DD5873A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000A3\4DD5873D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000A4\4DD58740.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000A5\4DD58743.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000A6\4DD58746.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000A7\4DD58749.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000A8\4DD5874C.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000A9\4DD5874F.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000AA\4DD58752.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000AB\4DD58754.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000AC\4DD58757.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000AD\4DD5875A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000AE\4DD5875C.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000AF\4DD5875F.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000B0\4DD58763.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000B1\4DD58766.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000B2\4DD5876A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000B3\4DD5876D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000B4\4DD58770.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000B5\4DD58773.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000B6\4DD58777.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000B7\4DD5877B.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000B8\4DD5878D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000B9\4DD58790.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000BA\4DD58793.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000BB\4DD58795.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000BC\4DD5879D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000BD\4DD587A1.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000BE\4DD587A4.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000BF\4DD587A8.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000C0\4DD587AF.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000C1\4DD587B5.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000C2\4DD587B9.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000C3\4DD587BC.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000C4\4DD587C3.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000C5\4DD587C6.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000C6\4DD587CA.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000C7\4DD587D0.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000C8\4DD587DF.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000C9\4DD587E8.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000CA\4DD587EB.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000CB\4DD587F4.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000CC\4DD587F7.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000CD\4DD587FD.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000CE\4DD58801.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000CF\4DD58804.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000D0\4DD58811.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000D1\4DD58814.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000D2\4DD58817.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000D3\4DD5881E.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000D4\4DD58822.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000D5\4DD58825.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000D6\4DD5882B.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000D7\4DD5882F.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000D8\4DD58833.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000D9\4DD58837.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000DA\4DD5883A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000DB\4DD5885E.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000DC\4DD58862.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000DD\4DD58864.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000DE\4DD58867.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000DF\4DD5886D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000E0\4DD58870.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000E1\4DD58874.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000E2\4DD58878.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000E3\4DD5887F.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000E4\4DD58882.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000E5\4DD58885.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000E6\4DD58889.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000E7\4DD5888F.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000E8\4DD58893.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000E9\4DD58897.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000EA\4DD5889A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000EB\4DD5889E.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000EC\4DD588AC.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000ED\4DD588B2.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000EE\4DD588BF.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000EF\4DD588C2.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000F0\4DD588C8.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000F1\4DD588D0.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000F2\4DD588D6.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000F3\4DD588DF.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000F4\4DD588E2.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000F5\4DD588E8.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000F6\4DD588EB.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000F7\4DD58900.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000F8\4DD58904.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000F9\4DD58907.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000FA\4DD5890E.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000FB\4DD58912.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000FC\4DD58915.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000FD\4DD5891B.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000FE\4DD58920.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D8000FF\4DD58923.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800100\4DD58926.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800101\4DD5892D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800102\4DD58931.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800103\4DD58934.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800104\4DD5893A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800105\4DD5893D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800106\4DD58940.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800107\4DD58943.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800108\4DD5894A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800109\4DD5894D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80010A\4DD58951.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80010B\4DD58957.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80010C\4DD5895A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80010D\4DD58960.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80010E\4DD5898B.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80010F\4DD58994.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800110\4DD58998.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800111\4DD5899B.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800112\4DD589A4.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800113\4DD589A8.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800114\4DD589AB.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800115\4DD589B0.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800116\4DD589B3.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800117\4DD589B7.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800118\4DD589BE.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800119\4DD589C2.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80011A\4DD589C6.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80011B\4DD589CC.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80011C\4DD589CF.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80011D\4DD589D5.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80011E\4DD589D8.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80011F\4DD589DE.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800120\4DD589E1.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800121\4DD589E4.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800122\4DD589E8.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800123\4DD589EC.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800124\4DD589F0.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800125\4DD589F8.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800126\4DD589FF.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800127\4DD58A03.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800128\4DD58A06.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800129\4DD58A0A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80012A\4DD58A0D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80012B\4DD58A11.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80012C\4DD58A15.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80012D\4DD58A19.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80012E\4DD58A21.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80012F\4DD58A24.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800130\4DD58A27.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800131\4DD58A2C.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800132\4DD58A2F.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800133\4DD58A33.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800134\4DD58A36.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800135\4DD58A3B.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800136\4DD58A3F.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800137\4DD58A43.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800138\4DD58A47.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800139\4DD58A4C.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80013A\4DD58A4F.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80013B\4DD58A76.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80013C\4DD58A7F.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80013D\4DD58A83.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80013E\4DD58A87.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80013F\4DD58AB9.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800140\4DD58ABF.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800141\4DD58AD2.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800142\4DD58AD6.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800143\4DD58ADB.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800144\4DD58ADF.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800145\4DD58AF5.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800146\4DD58B17.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800147\4DD58B1B.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800148\4DD58B28.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800149\4DD58B31.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80014A\4DD58B37.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80014B\4DD58B3A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80014C\4DD58B3E.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80014D\4DD58B41.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80014E\4DD58B45.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80014F\4DD58B49.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800150\4DD58B4D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800151\4DD58B51.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800152\4DD58B54.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800153\4DD58B59.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800154\4DD58B5D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800155\4DD58B61.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800156\4DD58B65.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800157\4DD58B68.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800158\4DD58B6B.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800159\4DD58B6E.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80015A\4DD58B71.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80015B\4DD58B74.VBN
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 6th, 2010, 10:09 pm

Part 3

!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80015C\4DD58B77.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80015D\4DD58B7D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80015E\4DD58B80.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80015F\4DD58B83.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800160\4DD58B86.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800161\4DD58B8A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800162\4DD58B8D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800163\4DD58B90.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800164\4DD58B97.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800165\4DD58B9A.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800166\4DD58B9D.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800167\4DD58BA1.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800168\4DD58BA5.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D800169\4DD58BA8.VBN
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80016A
!-->[Hidden] C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D80016A.VBN
!-->[Hidden] C:\Users\ilya\AppData\Local\Google\Picasa2Albums\backup\Nov 6, 2010\04aa2c11bff6308214465bf13941cbb2.pal
!-->[Hidden] C:\Users\ilya\AppData\Local\Google\Picasa2Albums\backup\Nov 6, 2010\107ec8f4fc9799a5b6b34c8259b89ab3.pal
!-->[Hidden] C:\Users\ilya\AppData\Local\Google\Picasa2Albums\backup\Nov 6, 2010\148df9e7162bcb9335e22a6fd1240c10.pal
!-->[Hidden] C:\Users\ilya\AppData\Local\Google\Picasa2Albums\backup\Nov 6, 2010\1aa28395ebc7464937137913fe5f2c45.pal
!-->[Hidden] C:\Users\ilya\AppData\Local\Google\Picasa2Albums\backup\Nov 6, 2010\29a787b9dc36822abd863373b30f0996.pal
!-->[Hidden] C:\Users\ilya\AppData\Local\Google\Picasa2Albums\backup\Nov 6, 2010\62b07b56cbc96b7580502296b3a37834.pal
!-->[Hidden] C:\Users\ilya\AppData\Local\Google\Picasa2Albums\backup\Nov 6, 2010\69ade9936eee8f6265d494b453f499ad.pal
!-->[Hidden] C:\Users\ilya\AppData\Local\Google\Picasa2Albums\backup\Nov 6, 2010\8959f027bb184f6531955217e124b131.pal
!-->[Hidden] C:\Users\ilya\AppData\Local\Google\Picasa2Albums\backup\Nov 6, 2010\8b84c6370f77397a0e34c308370e7cdb.pal
!-->[Hidden] C:\Users\ilya\AppData\Local\Google\Picasa2Albums\backup\Nov 6, 2010\c6cb836adf49085a0d8c8a79e4f62ce7.pal
!-->[Hidden] C:\Users\ilya\AppData\Local\Google\Picasa2Albums\backup\Nov 6, 2010\dda662f85d8aa4273a63687938216b9c.pal
!-->[Hidden] C:\Users\ilya\AppData\Local\Google\Picasa2Albums\backup\Nov 6, 2010\e728606d338975a1b7f11967811154ee.pal
!-->[Hidden] C:\Users\ilya\AppData\Local\Google\Picasa2Albums\backup\Nov 6, 2010\ecc9c8dc738ed3187858a6d1ca872334.pal
!-->[Hidden] C:\Users\ilya\AppData\Local\Google\Picasa2Albums\backup\Nov 6, 2010\f8118ffa7622825882734cf1bbd9e2c9.pal
!-->[Hidden] C:\Users\ilya\AppData\Local\Mozilla\Firefox\Profiles\vss6nrvn.default\Cache\14241E4Fd01
!-->[Hidden] C:\Users\ilya\AppData\Local\Mozilla\Firefox\Profiles\vss6nrvn.default\Cache\463A8456d01
!-->[Hidden] C:\Users\ilya\AppData\Local\Mozilla\Firefox\Profiles\vss6nrvn.default\Cache\78CC108Cd01
!-->[Hidden] C:\Users\ilya\AppData\Local\Mozilla\Firefox\Profiles\vss6nrvn.default\Cache\98B524EEd01
!-->[Hidden] C:\Users\ilya\AppData\Local\Mozilla\Firefox\Profiles\vss6nrvn.default\Cache\9CB250D7d01
!-->[Hidden] C:\Users\ilya\AppData\Local\Mozilla\Firefox\Profiles\vss6nrvn.default\Cache\A8A34B66d01
!-->[Hidden] C:\Users\ilya\AppData\Local\Mozilla\Firefox\Profiles\vss6nrvn.default\Cache\B3D467C0d01
!-->[Hidden] C:\Users\ilya\AppData\Local\Mozilla\Firefox\Profiles\vss6nrvn.default\Cache\D7BBFA99d01
!-->[Hidden] C:\Users\ilya\AppData\Local\Mozilla\Firefox\Profiles\vss6nrvn.default\Cache\DB104334d01
!-->[Hidden] C:\Users\ilya\AppData\Local\Temp\~DF1E60.tmp::$DATA
!-->[Hidden] C:\Users\ilya\AppData\Local\Temp\~DF4898.tmp::$DATA
!-->[Hidden] C:\Users\ilya\AppData\Local\Temp\~DF490F.tmp::$DATA
!-->[Hidden] C:\Users\ilya\AppData\Local\Temp\~DF8F20.tmp::$DATA
!-->[Hidden] C:\Users\ilya\AppData\Local\Temp\~DF985E.tmp::$DATA
!-->[Hidden] C:\Users\ilya\AppData\Local\Temp\~DFDE3E.tmp::$DATA
!-->[Hidden] C:\Users\ilya\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-11-06 (10-33-46).txt
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x00057B74, Type: Inline - RelativeJump 0x82696B74-->9C41FC30 [SysPlant.sys]
ntkrnlpa.exe+0x000B50AA, Type: Inline - RelativeJump 0x826F40AA-->826F40B1 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000B8C48, Type: Inline - RelativeJump 0x826F7C48-->826F7BD9 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000B8E7C, Type: Inline - RelativeJump 0x826F7E7C-->826F7EE3 [ntkrnlpa.exe]
[1136]Ati2evxx.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[1136]Ati2evxx.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[1136]Ati2evxx.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[1136]Ati2evxx.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[1136]Ati2evxx.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[1136]Ati2evxx.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[1136]Ati2evxx.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[1136]Ati2evxx.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[1136]Ati2evxx.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[1136]Ati2evxx.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[1136]Ati2evxx.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[1136]Ati2evxx.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[1136]Ati2evxx.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[1136]Ati2evxx.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[1136]Ati2evxx.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[1136]Ati2evxx.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[1136]Ati2evxx.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[1136]Ati2evxx.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[1160]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[1160]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[1160]svchost.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[1160]svchost.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[1160]svchost.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[1160]svchost.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[1160]svchost.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[1160]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[1160]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[1160]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[1160]svchost.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[1160]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[1160]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[1160]svchost.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[1160]svchost.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[1160]svchost.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[1160]svchost.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[1160]svchost.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[1160]svchost.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[1160]svchost.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[1160]svchost.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[1160]svchost.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[1160]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[1160]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[1160]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[1160]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[1160]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[1160]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[1160]svchost.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[1160]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[1160]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[1160]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[1160]svchost.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[1160]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[1160]svchost.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[1160]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[1160]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[1160]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[1160]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[1160]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[1160]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[1160]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[1160]svchost.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[1160]svchost.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[1160]svchost.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[1160]svchost.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[1200]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[1200]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[1200]svchost.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[1200]svchost.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[1200]svchost.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[1200]svchost.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[1200]svchost.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[1200]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[1200]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[1200]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[1200]svchost.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[1200]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[1200]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[1200]svchost.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[1200]svchost.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[1200]svchost.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[1200]svchost.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[1200]svchost.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[1200]svchost.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[1200]svchost.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[1200]svchost.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[1200]svchost.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[1200]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[1200]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[1200]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[1200]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[1200]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[1200]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[1200]svchost.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[1200]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[1200]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[1200]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[1200]svchost.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[1200]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[1200]svchost.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[1200]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[1200]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[1200]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[1200]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[1200]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[1200]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[1200]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[1200]svchost.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[1200]svchost.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[1200]svchost.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[1200]svchost.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[1200]svchost.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[1200]svchost.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[1216]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[1216]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[1216]svchost.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[1216]svchost.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[1216]svchost.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[1216]svchost.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[1216]svchost.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[1216]svchost.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[1216]svchost.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[1216]svchost.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[1216]svchost.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[1216]svchost.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[1216]svchost.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[1216]svchost.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[1216]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[1216]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[1216]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[1216]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[1216]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[1216]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[1216]svchost.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[1216]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[1216]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[1216]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[1216]svchost.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[1216]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[1216]svchost.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[1216]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[1216]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[1216]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[1216]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[1216]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[1216]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[1216]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[1216]svchost.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[1216]svchost.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[1216]svchost.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[1216]svchost.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[1216]svchost.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[1216]svchost.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[1284]spoolsv.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[1284]spoolsv.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[1284]spoolsv.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[1284]spoolsv.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[1284]spoolsv.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[1284]spoolsv.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[1284]spoolsv.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[1284]spoolsv.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[1284]spoolsv.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[1284]spoolsv.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[1284]spoolsv.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[1284]spoolsv.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[1284]spoolsv.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[1284]spoolsv.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[1284]spoolsv.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[1284]spoolsv.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[1284]spoolsv.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[1324]audiodg.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[1324]audiodg.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[1324]audiodg.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[1324]audiodg.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[1324]audiodg.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[1324]audiodg.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[1324]audiodg.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[1324]audiodg.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[1324]audiodg.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[1324]audiodg.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[1324]audiodg.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[1324]audiodg.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[1324]audiodg.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[1324]audiodg.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[1324]audiodg.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[1324]audiodg.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[1324]audiodg.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[1324]audiodg.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[1324]audiodg.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[1324]audiodg.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[1324]audiodg.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[1324]audiodg.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[1324]audiodg.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[1324]audiodg.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[1324]audiodg.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[1324]audiodg.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[1324]audiodg.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[1324]audiodg.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[1324]audiodg.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[1324]audiodg.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[1324]audiodg.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[1324]audiodg.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[1324]audiodg.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[1324]audiodg.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[1324]audiodg.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[1324]audiodg.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[1324]audiodg.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[1324]audiodg.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[1324]audiodg.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[1324]audiodg.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[1324]audiodg.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[1324]audiodg.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[1324]audiodg.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[1324]audiodg.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[1324]audiodg.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[1324]audiodg.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[1332]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[1332]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[1332]svchost.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[1332]svchost.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[1332]svchost.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[1332]svchost.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[1332]svchost.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[1332]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[1332]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[1332]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[1332]svchost.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[1332]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[1332]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[1332]svchost.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[1332]svchost.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[1332]svchost.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[1332]svchost.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[1332]svchost.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[1332]svchost.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[1332]svchost.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[1332]svchost.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[1332]svchost.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[1332]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[1332]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[1332]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[1332]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[1332]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[1332]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[1332]svchost.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[1332]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[1332]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[1332]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[1332]svchost.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[1332]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[1332]svchost.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[1332]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[1332]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[1332]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[1332]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[1332]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[1332]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[1332]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[1332]svchost.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[1332]svchost.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[1332]svchost.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[1332]svchost.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[1392]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[1392]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[1392]svchost.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[1392]svchost.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[1392]svchost.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[1392]svchost.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[1392]svchost.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[1392]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[1392]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[1392]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[1392]svchost.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[1392]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[1392]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[1392]svchost.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[1392]svchost.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[1392]svchost.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[1392]svchost.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[1392]svchost.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[1392]svchost.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[1392]svchost.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[1392]svchost.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[1392]svchost.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[1392]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[1392]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[1392]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[1392]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[1392]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[1392]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[1392]svchost.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[1392]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[1392]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[1392]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[1392]svchost.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[1392]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[1392]svchost.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[1392]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[1392]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[1392]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[1392]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[1392]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[1392]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[1392]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[1392]svchost.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[1392]svchost.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[1392]svchost.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[1392]svchost.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[1392]svchost.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[1392]svchost.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[1464]DockLogin.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[1464]DockLogin.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[1464]DockLogin.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[1464]DockLogin.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[1464]DockLogin.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[1464]DockLogin.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[1464]DockLogin.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[1464]DockLogin.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[1464]DockLogin.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[1464]DockLogin.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[1464]DockLogin.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[1464]DockLogin.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[1464]DockLogin.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[1464]DockLogin.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[1464]DockLogin.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[1464]DockLogin.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[1464]DockLogin.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[1552]Smc.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[1552]Smc.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[1552]Smc.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[1552]Smc.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[1552]Smc.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[1552]Smc.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[1552]Smc.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[1552]Smc.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[1552]Smc.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[1552]Smc.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[1552]Smc.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[1552]Smc.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[1552]Smc.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[1552]Smc.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[1552]Smc.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[1552]Smc.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[1552]Smc.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[1552]Smc.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[1552]Smc.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[1552]Smc.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[1552]Smc.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[1552]Smc.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[1552]Smc.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[1552]Smc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[1552]Smc.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[1552]Smc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[1552]Smc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[1552]Smc.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[1552]Smc.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[1552]Smc.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[1552]Smc.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[1552]Smc.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[1552]Smc.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[1552]Smc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[1552]Smc.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[1552]Smc.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[1552]Smc.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[1552]Smc.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[1552]Smc.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[1552]Smc.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[1552]Smc.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[1552]Smc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[1552]Smc.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[1552]Smc.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[1552]Smc.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[1552]Smc.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[1552]Smc.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[1552]Smc.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[1560]Ati2evxx.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[1560]Ati2evxx.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[1560]Ati2evxx.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[1560]Ati2evxx.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[1560]Ati2evxx.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[1560]Ati2evxx.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[1560]Ati2evxx.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[1560]Ati2evxx.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[1560]Ati2evxx.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[1560]Ati2evxx.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[1560]Ati2evxx.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[1560]Ati2evxx.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[1560]Ati2evxx.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[1560]Ati2evxx.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[1560]Ati2evxx.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[1560]Ati2evxx.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[1560]Ati2evxx.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[1576]WUDFHost.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[1576]WUDFHost.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[1576]WUDFHost.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[1576]WUDFHost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[1576]WUDFHost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[1576]WUDFHost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 6th, 2010, 10:11 pm

Part 4

[1576]WUDFHost.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[1576]WUDFHost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[1576]WUDFHost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[1576]WUDFHost.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[1576]WUDFHost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[1576]WUDFHost.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[1576]WUDFHost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[1576]WUDFHost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[1576]WUDFHost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[1576]WUDFHost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[1576]WUDFHost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[1576]WUDFHost.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[1644]XPSMiniViewGadget.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[1644]XPSMiniViewGadget.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[1644]XPSMiniViewGadget.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[1644]XPSMiniViewGadget.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[1668]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[1668]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[1668]svchost.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[1668]svchost.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[1668]svchost.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[1668]svchost.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[1668]svchost.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[1668]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[1668]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[1668]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[1668]svchost.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[1668]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[1668]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[1668]svchost.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[1668]svchost.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[1668]svchost.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[1668]svchost.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[1668]svchost.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[1668]svchost.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[1668]svchost.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[1668]svchost.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[1668]svchost.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[1668]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[1668]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[1668]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[1668]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[1668]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[1668]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[1668]svchost.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[1668]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[1668]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[1668]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[1668]svchost.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[1668]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[1668]svchost.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[1668]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[1668]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[1668]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[1668]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[1668]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[1668]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[1668]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[1668]svchost.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[1668]svchost.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[1668]svchost.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[1668]svchost.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[1668]svchost.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[1668]svchost.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[1864]ccSvcHst.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[1864]ccSvcHst.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[1864]ccSvcHst.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[1864]ccSvcHst.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[1864]ccSvcHst.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[1864]ccSvcHst.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[1864]ccSvcHst.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[1864]ccSvcHst.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[1864]ccSvcHst.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[1864]ccSvcHst.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[1864]ccSvcHst.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[1864]ccSvcHst.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[1864]ccSvcHst.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[1864]ccSvcHst.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[1864]ccSvcHst.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[1864]ccSvcHst.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[1864]ccSvcHst.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[1932]pctsSvc.exe-->kernel32.dll+0x000446E2, Type: Inline - RelativeJump 0x76BC46E2-->00000000 [kernel32.dll]
[1932]pctsSvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[1932]pctsSvc.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[1932]pctsSvc.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[1932]pctsSvc.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[1932]pctsSvc.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[1932]pctsSvc.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[1932]pctsSvc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[1932]pctsSvc.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[1932]pctsSvc.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[1932]pctsSvc.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[1932]pctsSvc.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[1932]pctsSvc.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[1932]pctsSvc.exe-->shell32.dll-->kernel32.dll-->QueueUserWorkItem, Type: IAT modification 0x080E11B0-->00000000 [pctsSvc.exe]
[1960]WLTRYSVC.EXE-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[1960]WLTRYSVC.EXE-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[1960]WLTRYSVC.EXE-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[1960]WLTRYSVC.EXE-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[1960]WLTRYSVC.EXE-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2128]jusched.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2128]jusched.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2128]jusched.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2128]jusched.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2128]jusched.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2128]jusched.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2128]jusched.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2128]jusched.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2128]jusched.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2128]jusched.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2128]jusched.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2128]jusched.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2128]jusched.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2128]jusched.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2128]jusched.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2128]jusched.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2128]jusched.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2128]jusched.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2128]jusched.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2128]jusched.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2128]jusched.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2128]jusched.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2128]jusched.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2128]jusched.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2128]jusched.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2128]jusched.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2128]jusched.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2128]jusched.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2128]jusched.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2128]jusched.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2128]jusched.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2128]jusched.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2128]jusched.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2128]jusched.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2128]jusched.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2128]jusched.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2128]jusched.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2128]jusched.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2128]jusched.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2128]jusched.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2128]jusched.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2128]jusched.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2128]jusched.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2128]jusched.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2128]jusched.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2128]jusched.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2128]jusched.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2128]jusched.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2128]jusched.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2180]AppleMobileDeviceService.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2180]AppleMobileDeviceService.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2180]AppleMobileDeviceService.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2180]AppleMobileDeviceService.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2196]atashost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2196]atashost.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2196]atashost.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2196]atashost.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2196]atashost.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2196]atashost.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2196]atashost.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2196]atashost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2196]atashost.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2196]atashost.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2196]atashost.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2196]atashost.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2196]atashost.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2196]atashost.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2196]atashost.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2196]atashost.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2196]atashost.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2196]atashost.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2196]atashost.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2196]atashost.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2196]atashost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2196]atashost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2196]atashost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2196]atashost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2196]atashost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2196]atashost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2196]atashost.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2196]atashost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2196]atashost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2196]atashost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2196]atashost.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2196]atashost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2196]atashost.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2196]atashost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2196]atashost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2196]atashost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2196]atashost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2196]atashost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2196]atashost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2196]atashost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2196]atashost.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2196]atashost.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2196]atashost.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2196]atashost.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2220]mDNSResponder.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2220]mDNSResponder.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2220]mDNSResponder.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2220]mDNSResponder.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2220]mDNSResponder.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2220]mDNSResponder.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2220]mDNSResponder.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2220]mDNSResponder.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2220]mDNSResponder.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2220]mDNSResponder.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2220]mDNSResponder.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2220]mDNSResponder.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2220]mDNSResponder.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2220]mDNSResponder.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2220]mDNSResponder.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2220]mDNSResponder.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2220]mDNSResponder.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2236]BDTUpdateService.exe-->advapi32.dll-->CreateServiceW, Type: IAT modification 0x0041202C-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77C8151C-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77C816D0-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77C81664-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[2236]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77C81668-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->OpenFile, Type: IAT modification 0x77C81514-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x00412060-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x00412068-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x0041205C-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x00412054-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B71130-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B7119C-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B711BC-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[2236]BDTUpdateService.exe-->kernel32.dll-->CreateFileA, Type: IAT modification 0x00412074-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004120C4-->00000000 [shimeng.dll]
[2236]BDTUpdateService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2236]BDTUpdateService.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2236]BDTUpdateService.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2236]BDTUpdateService.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2236]BDTUpdateService.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2236]BDTUpdateService.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2236]BDTUpdateService.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2236]BDTUpdateService.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2236]BDTUpdateService.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2236]BDTUpdateService.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2236]BDTUpdateService.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2236]BDTUpdateService.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2236]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->AccessCheck, Type: IAT modification 0x080E1BFC-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x080E1B30-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyW, Type: IAT modification 0x080E1CB0-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x080E1B50-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x080E1CF4-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x080E1B28-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x080E1B2C-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegSetValueW, Type: IAT modification 0x080E1B70-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->SetFileSecurityW, Type: IAT modification 0x080E1CC0-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x080E125C-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x080E1460-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x080E13B4-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [shimeng.dll]
[2236]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x080E13C0-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x080E130C-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x080E13B8-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->user32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x77D51550-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[2236]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->ws2_32.dll-->advapi32.dll-->RegCreateKeyExA, Type: IAT modification 0x4B0D1104-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->ws2_32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x4B0D110C-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x4B0D1114-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x4B0D1110-->00000000 [AcGenral.dll]
[2236]BDTUpdateService.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[2280]IAANTmon.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2280]IAANTmon.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2280]IAANTmon.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2280]IAANTmon.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2280]IAANTmon.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2280]IAANTmon.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2280]IAANTmon.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2280]IAANTmon.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2280]IAANTmon.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2280]IAANTmon.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2280]IAANTmon.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2280]IAANTmon.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2280]IAANTmon.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2280]IAANTmon.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2280]IAANTmon.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2280]IAANTmon.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2280]IAANTmon.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2280]IAANTmon.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2292]firefox.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2292]firefox.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2292]firefox.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2292]firefox.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2292]firefox.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2292]firefox.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2292]firefox.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x76BA30C3-->00000000 [unknown_code_page]
[2292]firefox.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2292]firefox.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2292]firefox.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2292]firefox.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2292]firefox.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2292]firefox.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2292]firefox.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2292]firefox.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[2292]firefox.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[2292]firefox.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2292]firefox.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2292]firefox.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2292]firefox.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2292]firefox.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2292]firefox.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2292]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77167933-->00000000 [firefox.exe]
[2292]firefox.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2292]firefox.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2292]firefox.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2292]firefox.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2292]firefox.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2292]firefox.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2292]firefox.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2292]firefox.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2292]firefox.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2292]firefox.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2292]firefox.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2292]firefox.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2292]firefox.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2292]firefox.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2292]firefox.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2292]firefox.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2292]firefox.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2292]firefox.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2292]firefox.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2292]firefox.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2292]firefox.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2292]firefox.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2292]firefox.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2292]firefox.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2292]firefox.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2292]firefox.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2292]firefox.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2292]firefox.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2292]firefox.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2292]firefox.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2412]CCC.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2412]CCC.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2412]CCC.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2412]CCC.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2412]CCC.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2412]CCC.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2412]CCC.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2412]CCC.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2412]CCC.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2412]CCC.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2412]CCC.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2412]CCC.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2412]CCC.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2412]CCC.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2412]CCC.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2412]CCC.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2412]CCC.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2412]CCC.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2412]CCC.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2412]CCC.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2412]CCC.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2412]CCC.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2412]CCC.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2412]CCC.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2412]CCC.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2412]CCC.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2412]CCC.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2412]CCC.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2412]CCC.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2412]CCC.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2412]CCC.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2412]CCC.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2412]CCC.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2412]CCC.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2412]CCC.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2412]CCC.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2412]CCC.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2412]CCC.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2412]CCC.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2412]CCC.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2412]CCC.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2412]CCC.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2412]CCC.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2412]CCC.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2436]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2436]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2436]svchost.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2436]svchost.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2436]svchost.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2436]svchost.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2436]svchost.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2436]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2436]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2436]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2436]svchost.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2436]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2436]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2436]svchost.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2436]svchost.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[2436]svchost.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[2436]svchost.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2436]svchost.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2436]svchost.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2436]svchost.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2436]svchost.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2436]svchost.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2436]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2436]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2436]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2436]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2436]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2436]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2436]svchost.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2436]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2436]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2436]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2436]svchost.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2436]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2436]svchost.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2436]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2436]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2436]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2436]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2436]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2436]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2436]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2436]svchost.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2436]svchost.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2436]svchost.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2436]svchost.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2540]ccApp.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2540]ccApp.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2540]ccApp.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2540]ccApp.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2540]ccApp.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2540]ccApp.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2540]ccApp.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2540]ccApp.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2540]ccApp.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2540]ccApp.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2540]ccApp.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2540]ccApp.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 6th, 2010, 10:15 pm

Part 5

[2540]ccApp.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2540]ccApp.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2540]ccApp.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[2540]ccApp.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2540]ccApp.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2540]ccApp.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2540]ccApp.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2540]ccApp.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2540]ccApp.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2540]ccApp.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2540]ccApp.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2540]ccApp.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2540]ccApp.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2540]ccApp.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2540]ccApp.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2540]ccApp.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2540]ccApp.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2592]iTunesHelper.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2592]iTunesHelper.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2592]iTunesHelper.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2608]AdobeARM.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2608]AdobeARM.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2608]AdobeARM.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2688]pctsTray.exe-->kernel32.dll+0x000446E2, Type: Inline - RelativeJump 0x76BC46E2-->00000000 [kernel32.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->shell32.dll-->kernel32.dll-->QueueUserWorkItem, Type: IAT modification 0x080E11B0-->00000000 [pctsTray.exe]
[2732]GoogleToolbarNotifier.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2748]aim6.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C814C0-->00000000 [tbdiag.dll]
[2748]aim6.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C81500-->00000000 [tbdiag.dll]
[2748]aim6.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C816EC-->00000000 [tbdiag.dll]
[2748]aim6.exe-->advapi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77C816A8-->00000000 [tbdiag.dll]
[2748]aim6.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2748]aim6.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2748]aim6.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2748]aim6.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2748]aim6.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2748]aim6.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2748]aim6.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B7111C-->00000000 [tbdiag.dll]
[2748]aim6.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B71110-->00000000 [tbdiag.dll]
[2748]aim6.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B71174-->00000000 [tbdiag.dll]
[2748]aim6.exe-->gdi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77B710B4-->00000000 [tbdiag.dll]
[2748]aim6.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2748]aim6.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2748]aim6.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2748]aim6.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2748]aim6.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2748]aim6.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2748]aim6.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2748]aim6.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2748]aim6.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x6C941248-->00000000 [tbdiag.dll]
[2748]aim6.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x6C9411F8-->00000000 [tbdiag.dll]
[2748]aim6.exe-->mswsock.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x6C941154-->00000000 [tbdiag.dll]
[2748]aim6.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[2748]aim6.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2748]aim6.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2748]aim6.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2748]aim6.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2748]aim6.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2748]aim6.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x080E14DC-->00000000 [tbdiag.dll]
[2748]aim6.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x080E1284-->00000000 [tbdiag.dll]
[2748]aim6.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x080E1448-->00000000 [tbdiag.dll]
[2748]aim6.exe-->shell32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x080E1210-->00000000 [tbdiag.dll]
[2748]aim6.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2748]aim6.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2748]aim6.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2748]aim6.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2748]aim6.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [tbdiag.dll]
[2748]aim6.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [tbdiag.dll]
[2748]aim6.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [tbdiag.dll]
[2748]aim6.exe-->user32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77D51260-->00000000 [tbdiag.dll]
[2748]aim6.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2748]aim6.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2748]aim6.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2748]aim6.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2748]aim6.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2748]aim6.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71721484-->00000000 [tbdiag.dll]
[2748]aim6.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x71721418-->00000000 [tbdiag.dll]
[2748]aim6.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x717213EC-->00000000 [tbdiag.dll]
[2748]aim6.exe-->wininet.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x71721478-->00000000 [tbdiag.dll]
[2748]aim6.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x4B0D11EC-->00000000 [tbdiag.dll]
[2748]aim6.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x4B0D11F0-->00000000 [tbdiag.dll]
[2748]aim6.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x4B0D1228-->00000000 [tbdiag.dll]
[2748]aim6.exe-->ws2_32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x4B0D1190-->00000000 [tbdiag.dll]
[2748]aim6.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2868]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2868]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2868]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2868]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2868]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2868]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2868]taskeng.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2868]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2868]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2868]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2868]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2868]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2868]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2868]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2868]taskeng.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2868]taskeng.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2868]taskeng.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2868]taskeng.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2868]taskeng.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2868]taskeng.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2868]taskeng.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2868]taskeng.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2868]taskeng.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2876]Steam.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2876]Steam.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2876]Steam.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2876]Steam.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2876]Steam.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2876]Steam.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2876]Steam.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2876]Steam.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2876]Steam.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2876]Steam.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2876]Steam.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2876]Steam.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2876]Steam.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2876]Steam.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2876]Steam.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[2876]Steam.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2876]Steam.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2876]Steam.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2876]Steam.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2876]Steam.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2876]Steam.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2876]Steam.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2876]Steam.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2876]Steam.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2876]Steam.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2876]Steam.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2876]Steam.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2876]Steam.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2876]Steam.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2876]Steam.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2908]PTIM.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2908]PTIM.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2908]PTIM.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2908]PTIM.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2908]PTIM.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2908]PTIM.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2908]PTIM.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2908]PTIM.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2908]PTIM.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2908]PTIM.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2908]PTIM.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2908]PTIM.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2908]PTIM.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2908]PTIM.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2908]PTIM.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2908]PTIM.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2908]PTIM.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2908]PTIM.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2908]PTIM.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2908]PTIM.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2908]PTIM.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2908]PTIM.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2908]PTIM.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2908]PTIM.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2908]PTIM.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2960]ptoneclk.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2960]ptoneclk.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2960]ptoneclk.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->user32.dll-->GetScrollInfo, Type: Inline - RelativeJump 0x772B0804-->00000000 [ptSknMgr.dll]
[2960]ptoneclk.exe-->user32.dll-->GetWindowLongA, Type: Inline - RelativeJump 0x772B93DA-->00000000 [ptSknMgr.dll]
[2960]ptoneclk.exe-->user32.dll-->GetWindowLongW, Type: Inline - RelativeJump 0x772BF67F-->00000000 [ptSknMgr.dll]
[2960]ptoneclk.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->user32.dll-->SetScrollInfo, Type: Inline - RelativeJump 0x772B8663-->00000000 [ptSknMgr.dll]
[2960]ptoneclk.exe-->user32.dll-->SetScrollPos, Type: Inline - RelativeJump 0x772D3A1E-->00000000 [ptSknMgr.dll]
[2960]ptoneclk.exe-->user32.dll-->SetScrollRange, Type: Inline - RelativeJump 0x772AE173-->00000000 [ptSknMgr.dll]
[2960]ptoneclk.exe-->user32.dll-->SetWindowLongA, Type: Inline - RelativeJump 0x772B0736-->00000000 [ptSknMgr.dll]
[2960]ptoneclk.exe-->user32.dll-->SetWindowLongW, Type: Inline - RelativeJump 0x772B1F35-->00000000 [ptSknMgr.dll]
[2960]ptoneclk.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x76BA30C3-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3228]unsecapp.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3228]unsecapp.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3228]unsecapp.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3236]dwm.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3236]dwm.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3236]dwm.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3236]dwm.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3236]dwm.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3236]dwm.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3236]dwm.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3236]dwm.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3236]dwm.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3236]dwm.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3236]dwm.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3236]dwm.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3236]dwm.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3236]dwm.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3236]dwm.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3236]dwm.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3236]dwm.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3236]dwm.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3236]dwm.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3236]dwm.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3236]dwm.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3236]dwm.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3256]wmpnscfg.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3256]wmpnscfg.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3256]wmpnscfg.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3272]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3272]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3272]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3272]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3272]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3272]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3272]taskeng.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3272]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3272]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3272]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3272]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3272]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3272]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3272]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3272]taskeng.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3272]taskeng.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3272]taskeng.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3272]taskeng.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3272]taskeng.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[3272]taskeng.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[3272]taskeng.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3272]taskeng.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3272]taskeng.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3272]taskeng.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3272]taskeng.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3272]taskeng.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3272]taskeng.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3288]explorer.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3288]explorer.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3288]explorer.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3288]explorer.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3288]explorer.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3288]explorer.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3288]explorer.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3288]explorer.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 6th, 2010, 10:18 pm

Part 6

[3288]explorer.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3288]explorer.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3288]explorer.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3288]explorer.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3288]explorer.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3288]explorer.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3288]explorer.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[3288]explorer.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[3288]explorer.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3288]explorer.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3288]explorer.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3288]explorer.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3288]explorer.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3288]explorer.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3288]explorer.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3288]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3288]explorer.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3288]explorer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3288]explorer.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3288]explorer.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3288]explorer.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3288]explorer.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3288]explorer.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3288]explorer.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3288]explorer.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3288]explorer.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3288]explorer.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3288]explorer.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3288]explorer.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3288]explorer.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3288]explorer.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3288]explorer.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3288]explorer.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3288]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3288]explorer.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[3288]explorer.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[3288]explorer.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3288]explorer.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3288]explorer.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3288]explorer.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3340]SmcGui.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3340]SmcGui.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3340]SmcGui.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3340]SmcGui.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3340]SmcGui.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3340]SmcGui.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3340]SmcGui.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3340]SmcGui.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3340]SmcGui.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3340]SmcGui.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3340]SmcGui.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3340]SmcGui.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3340]SmcGui.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3340]SmcGui.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3340]SmcGui.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3340]SmcGui.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3340]SmcGui.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3524]DellDock.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3524]DellDock.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3524]DellDock.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3524]DellDock.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3524]DellDock.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3524]DellDock.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3524]DellDock.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3524]DellDock.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3524]DellDock.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3524]DellDock.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3524]DellDock.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3524]DellDock.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3524]DellDock.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3524]DellDock.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3524]DellDock.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3524]DellDock.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3524]DellDock.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3524]DellDock.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3524]DellDock.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3524]DellDock.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3524]DellDock.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3524]DellDock.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3524]DellDock.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3524]DellDock.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3524]DellDock.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3524]DellDock.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3524]DellDock.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3524]DellDock.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3524]DellDock.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3524]DellDock.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3524]DellDock.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3524]DellDock.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3524]DellDock.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3524]DellDock.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3524]DellDock.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[3524]DellDock.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[3524]DellDock.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3524]DellDock.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3524]DellDock.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3524]DellDock.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3524]DellDock.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3524]DellDock.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3524]DellDock.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3524]DellDock.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3616]Hotsync.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3616]Hotsync.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3616]Hotsync.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3616]Hotsync.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3616]Hotsync.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3616]Hotsync.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3616]Hotsync.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3616]Hotsync.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3616]Hotsync.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3616]Hotsync.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3616]Hotsync.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3616]Hotsync.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3616]Hotsync.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3616]Hotsync.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3616]Hotsync.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3616]Hotsync.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3616]Hotsync.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C814C0-->00000000 [tbdiag.dll]
[3672]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C81500-->00000000 [tbdiag.dll]
[3672]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C816EC-->00000000 [tbdiag.dll]
[3672]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77C816A8-->00000000 [tbdiag.dll]
[3672]aolsoftware.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B7111C-->00000000 [tbdiag.dll]
[3672]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B71110-->00000000 [tbdiag.dll]
[3672]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B71174-->00000000 [tbdiag.dll]
[3672]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77B710B4-->00000000 [tbdiag.dll]
[3672]aolsoftware.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3672]aolsoftware.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3672]aolsoftware.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3672]aolsoftware.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3672]aolsoftware.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3672]aolsoftware.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3672]aolsoftware.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3672]aolsoftware.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3672]aolsoftware.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3672]aolsoftware.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3672]aolsoftware.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3672]aolsoftware.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3672]aolsoftware.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3672]aolsoftware.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3672]aolsoftware.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3672]aolsoftware.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3672]aolsoftware.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x080E14DC-->00000000 [tbdiag.dll]
[3672]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x080E1284-->00000000 [tbdiag.dll]
[3672]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x080E1448-->00000000 [tbdiag.dll]
[3672]aolsoftware.exe-->shell32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x080E1210-->00000000 [tbdiag.dll]
[3672]aolsoftware.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [tbdiag.dll]
[3672]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [tbdiag.dll]
[3672]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [tbdiag.dll]
[3672]aolsoftware.exe-->user32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77D51260-->00000000 [tbdiag.dll]
[3672]aolsoftware.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3672]aolsoftware.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3696]pctsAuxs.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3696]pctsAuxs.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3696]pctsAuxs.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3696]pctsAuxs.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3696]pctsAuxs.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3696]pctsAuxs.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3696]pctsAuxs.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3696]pctsAuxs.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3696]pctsAuxs.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3696]pctsAuxs.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3696]pctsAuxs.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3696]pctsAuxs.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3696]pctsAuxs.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3696]pctsAuxs.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3696]pctsAuxs.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3696]pctsAuxs.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3696]pctsAuxs.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3720]IAAnotif.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3720]IAAnotif.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3720]IAAnotif.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3720]IAAnotif.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3720]IAAnotif.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3720]IAAnotif.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3720]IAAnotif.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3720]IAAnotif.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3720]IAAnotif.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3720]IAAnotif.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3720]IAAnotif.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3720]IAAnotif.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3720]IAAnotif.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3720]IAAnotif.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3720]IAAnotif.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3720]IAAnotif.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3720]IAAnotif.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3804]WLTRAY.EXE-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3804]WLTRAY.EXE-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3804]WLTRAY.EXE-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3804]WLTRAY.EXE-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3804]WLTRAY.EXE-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3804]WLTRAY.EXE-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3804]WLTRAY.EXE-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3804]WLTRAY.EXE-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3804]WLTRAY.EXE-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3804]WLTRAY.EXE-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3804]WLTRAY.EXE-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3804]WLTRAY.EXE-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3804]WLTRAY.EXE-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3812]ptSrv.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3812]ptSrv.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3812]ptSrv.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3812]ptSrv.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3812]ptSrv.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3812]ptSrv.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3812]ptSrv.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3812]ptSrv.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3812]ptSrv.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3812]ptSrv.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3812]ptSrv.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3812]ptSrv.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3812]ptSrv.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3812]ptSrv.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3812]ptSrv.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3812]ptSrv.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3812]ptSrv.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3856]VolPanlu.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3856]VolPanlu.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3856]VolPanlu.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3856]VolPanlu.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3856]VolPanlu.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3856]VolPanlu.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3856]VolPanlu.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3856]VolPanlu.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3856]VolPanlu.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3856]VolPanlu.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3856]VolPanlu.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3856]VolPanlu.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3856]VolPanlu.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3856]VolPanlu.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3856]VolPanlu.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3856]VolPanlu.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3856]VolPanlu.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3892]Ctxfihlp.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3892]Ctxfihlp.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3892]Ctxfihlp.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3892]Ctxfihlp.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3964]MOM.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3964]MOM.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3964]MOM.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3964]MOM.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3964]MOM.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3964]MOM.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3964]MOM.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3964]MOM.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3964]MOM.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3964]MOM.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3964]MOM.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3964]MOM.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3964]MOM.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3964]MOM.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3964]MOM.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3964]MOM.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3964]MOM.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3964]MOM.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3964]MOM.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3964]MOM.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3964]MOM.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3964]MOM.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3964]MOM.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3964]MOM.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3964]MOM.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3964]MOM.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3964]MOM.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3964]MOM.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3964]MOM.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3964]MOM.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3964]MOM.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3964]MOM.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3964]MOM.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3964]MOM.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3964]MOM.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[3964]MOM.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[3964]MOM.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3964]MOM.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3964]MOM.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3964]MOM.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3964]MOM.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3964]MOM.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3964]MOM.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [index.dat]
[3972]GoogleDesktop.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3972]GoogleDesktop.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3972]GoogleDesktop.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [index.dat]
[3972]GoogleDesktop.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3972]GoogleDesktop.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 6th, 2010, 10:22 pm

Part 7

[3972]GoogleDesktop.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3972]GoogleDesktop.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3980]sprtcmd.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3980]sprtcmd.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3980]sprtcmd.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3980]sprtcmd.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3980]sprtcmd.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3980]sprtcmd.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3980]sprtcmd.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3980]sprtcmd.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3980]sprtcmd.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3980]sprtcmd.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3980]sprtcmd.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3980]sprtcmd.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3980]sprtcmd.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3996]AAWTray.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3996]AAWTray.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3996]AAWTray.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3996]AAWTray.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3996]AAWTray.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3996]AAWTray.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3996]AAWTray.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3996]AAWTray.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3996]AAWTray.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3996]AAWTray.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3996]AAWTray.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3996]AAWTray.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3996]AAWTray.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3996]AAWTray.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3996]AAWTray.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3996]AAWTray.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3996]AAWTray.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[4068]CTxfispi.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[4068]CTxfispi.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[4068]CTxfispi.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[4068]CTxfispi.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[4068]CTxfispi.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[4068]CTxfispi.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[4068]CTxfispi.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[4068]CTxfispi.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[4068]CTxfispi.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[4068]CTxfispi.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[4068]CTxfispi.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[4068]CTxfispi.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[4068]CTxfispi.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[4068]CTxfispi.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[4068]CTxfispi.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[4068]CTxfispi.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[4068]CTxfispi.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[4352]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[4352]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[4352]svchost.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[4352]svchost.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[4352]svchost.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[4352]svchost.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[4352]svchost.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[4352]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[4352]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[4352]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[4352]svchost.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[4352]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[4352]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[4352]svchost.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[4352]svchost.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[4352]svchost.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[4352]svchost.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[4352]svchost.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[4352]svchost.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[4352]svchost.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[4352]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[4352]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[4352]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[4352]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 6th, 2010, 10:23 pm

Part 8

[4352]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[4352]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[4352]svchost.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[4352]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[4352]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[4352]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[4352]svchost.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[4352]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[4352]svchost.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[4352]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[4352]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[4352]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[4352]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[4352]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[4352]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[4352]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[4352]svchost.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[4352]svchost.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[4352]svchost.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[4352]svchost.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[4352]svchost.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[4352]svchost.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [VIRSCAN7.DAT]
[4392]Rtvscan.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[4392]Rtvscan.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[4392]Rtvscan.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [VIRSCAN7.DAT]
[4392]Rtvscan.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[4392]Rtvscan.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[4392]Rtvscan.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[4392]Rtvscan.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[4392]Rtvscan.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[4392]Rtvscan.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[4392]Rtvscan.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[4392]Rtvscan.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[4392]Rtvscan.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[4392]Rtvscan.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[4392]Rtvscan.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[4392]Rtvscan.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[4392]Rtvscan.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[4392]Rtvscan.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[4392]Rtvscan.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[4392]Rtvscan.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[4436]ViewpointService.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[4436]ViewpointService.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[4436]ViewpointService.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[4436]ViewpointService.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[4436]ViewpointService.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[4436]ViewpointService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[4436]ViewpointService.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[4436]ViewpointService.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[4436]ViewpointService.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[4436]ViewpointService.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[4436]ViewpointService.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[4436]ViewpointService.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[4436]ViewpointService.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[4436]ViewpointService.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[4436]ViewpointService.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[4436]ViewpointService.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[4436]ViewpointService.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[4464]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[4464]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[4464]svchost.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[4464]svchost.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[4464]svchost.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[4464]svchost.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[4464]svchost.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[4464]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[4464]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[4464]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[4464]svchost.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[4464]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[4464]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[4464]svchost.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[4464]svchost.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[4464]svchost.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[4464]svchost.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[4464]svchost.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[4464]svchost.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[4464]svchost.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[4464]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[4464]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[4464]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[4464]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[4464]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[4464]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[4464]svchost.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[4464]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[4464]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[4464]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[4464]svchost.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[4464]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[4464]svchost.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[4464]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[4464]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[4464]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[4464]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[4464]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[4464]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[4464]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[4464]svchost.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[4464]svchost.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[4464]svchost.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[4504]SearchIndexer.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[4504]SearchIndexer.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[4504]SearchIndexer.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[4504]SearchIndexer.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[4504]SearchIndexer.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[4504]SearchIndexer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[4504]SearchIndexer.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[4504]SearchIndexer.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[4504]SearchIndexer.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[4504]SearchIndexer.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[4504]SearchIndexer.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[4504]SearchIndexer.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[4504]SearchIndexer.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[4504]SearchIndexer.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[4504]SearchIndexer.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[4504]SearchIndexer.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[4504]SearchIndexer.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[4772]CALMAIN.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[4772]CALMAIN.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[4772]CALMAIN.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[4772]CALMAIN.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[4772]CALMAIN.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[4772]CALMAIN.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[4772]CALMAIN.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[4772]CALMAIN.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[4772]CALMAIN.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[4772]CALMAIN.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[4772]CALMAIN.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[4772]CALMAIN.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[4772]CALMAIN.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[4772]CALMAIN.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[4772]CALMAIN.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[4772]CALMAIN.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[4772]CALMAIN.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x76BA30C3-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[4924]wmpnetwk.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[4924]wmpnetwk.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[4924]wmpnetwk.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[4924]wmpnetwk.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[4924]wmpnetwk.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[4924]wmpnetwk.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[4924]wmpnetwk.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[4924]wmpnetwk.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[4924]wmpnetwk.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[4924]wmpnetwk.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[4924]wmpnetwk.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[4924]wmpnetwk.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[4924]wmpnetwk.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[4924]wmpnetwk.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[4924]wmpnetwk.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[4924]wmpnetwk.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[4924]wmpnetwk.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[5036]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[5036]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[5036]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[5036]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[5036]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[5036]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[5036]taskeng.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[5036]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[5036]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[5036]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[5036]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[5036]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[5036]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[5036]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[5036]taskeng.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[5036]taskeng.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[5036]taskeng.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[5036]taskeng.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[5036]taskeng.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[5036]taskeng.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[5036]taskeng.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[5036]taskeng.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[5036]taskeng.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[5036]taskeng.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[5036]taskeng.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[5036]taskeng.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[5036]taskeng.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[5036]taskeng.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[5036]taskeng.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[5036]taskeng.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[5036]taskeng.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[5036]taskeng.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[5036]taskeng.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[5036]taskeng.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[5036]taskeng.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[5036]taskeng.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[5036]taskeng.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[5036]taskeng.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[5036]taskeng.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[5036]taskeng.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[5036]taskeng.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[5036]taskeng.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[5036]taskeng.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[5036]taskeng.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[5036]taskeng.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[540]BCMWLTRY.EXE-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[5444]SteamService.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[5444]SteamService.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[5444]SteamService.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[5444]SteamService.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[5444]SteamService.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[5444]SteamService.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[5444]SteamService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x76BA30C3-->00000000 [unknown_code_page]
[5444]SteamService.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[5444]SteamService.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[5444]SteamService.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[5444]SteamService.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[5444]SteamService.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[5444]SteamService.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[5444]SteamService.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[5444]SteamService.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[5444]SteamService.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[5444]SteamService.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[5444]SteamService.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[5444]SteamService.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[5444]SteamService.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[5444]SteamService.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[5444]SteamService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[5444]SteamService.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[5444]SteamService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[5444]SteamService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[5444]SteamService.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[5444]SteamService.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[5444]SteamService.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[5444]SteamService.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[5444]SteamService.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[5444]SteamService.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[5444]SteamService.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[5444]SteamService.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[5444]SteamService.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[5444]SteamService.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[5444]SteamService.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[5444]SteamService.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[5444]SteamService.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[5444]SteamService.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[5444]SteamService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[5444]SteamService.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[5444]SteamService.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[5444]SteamService.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[5444]SteamService.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[5444]SteamService.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[5444]SteamService.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[5444]SteamService.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[5444]SteamService.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[5444]SteamService.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[5444]SteamService.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x76BA30C3-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[5516]plugin-container.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[5516]plugin-container.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[5516]plugin-container.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[5516]plugin-container.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[5516]plugin-container.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[5516]plugin-container.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[5516]plugin-container.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[5516]plugin-container.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[5516]plugin-container.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[5516]plugin-container.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby strelok31 » November 6th, 2010, 10:27 pm

Part 9

[5516]plugin-container.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[5516]plugin-container.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[5516]plugin-container.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[5516]plugin-container.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[5516]plugin-container.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[5516]plugin-container.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[5516]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x772C1417-->00000000 [xul.dll]
[5516]plugin-container.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x76BA30C3-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[5596]sprtsvc.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[5596]sprtsvc.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[5596]sprtsvc.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[5596]sprtsvc.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[5596]sprtsvc.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[5596]sprtsvc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[5596]sprtsvc.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[5596]sprtsvc.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[5596]sprtsvc.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[5596]sprtsvc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[5596]sprtsvc.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[5596]sprtsvc.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[5596]sprtsvc.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[5596]sprtsvc.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[5596]sprtsvc.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[5596]sprtsvc.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[5596]sprtsvc.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[5612]iPodService.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[5612]iPodService.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[5612]iPodService.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[5612]iPodService.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[5612]iPodService.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[5612]iPodService.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[5612]iPodService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x76BA30C3-->00000000 [unknown_code_page]
[5612]iPodService.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[5612]iPodService.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[5612]iPodService.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[5612]iPodService.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[5612]iPodService.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[5612]iPodService.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[5612]iPodService.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[5612]iPodService.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[5612]iPodService.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[5612]iPodService.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[5612]iPodService.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[5612]iPodService.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[5612]iPodService.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[5612]iPodService.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[5612]iPodService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[5612]iPodService.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[5612]iPodService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[5612]iPodService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[5612]iPodService.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[5612]iPodService.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[5612]iPodService.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[5612]iPodService.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[5612]iPodService.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[5612]iPodService.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[5612]iPodService.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[5612]iPodService.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[5612]iPodService.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[5612]iPodService.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[5612]iPodService.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[5612]iPodService.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[5612]iPodService.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[5612]iPodService.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[5612]iPodService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[5612]iPodService.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[5612]iPodService.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[5612]iPodService.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[5612]iPodService.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[5612]iPodService.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[5612]iPodService.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[5612]iPodService.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[564]csrss.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[564]csrss.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[564]csrss.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x77198008-->00000000 [unknown_code_page]
[564]csrss.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x77198048-->00000000 [unknown_code_page]
[564]csrss.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[564]csrss.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[564]csrss.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[564]csrss.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x77199438-->00000000 [unknown_code_page]
[564]csrss.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[564]csrss.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x77198428-->00000000 [unknown_code_page]
[564]csrss.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x77198CF8-->00000000 [unknown_code_page]
[564]csrss.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x77198F18-->00000000 [unknown_code_page]
[564]csrss.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x77199088-->00000000 [unknown_code_page]
[564]csrss.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x77199128-->00000000 [unknown_code_page]
[564]csrss.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[564]csrss.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[564]csrss.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[572]AAWService.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[572]AAWService.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[572]AAWService.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[572]AAWService.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[572]AAWService.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[572]AAWService.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[572]AAWService.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[572]AAWService.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[572]AAWService.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[572]AAWService.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[572]AAWService.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[572]AAWService.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[572]AAWService.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[572]AAWService.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[572]AAWService.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[572]AAWService.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[572]AAWService.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[572]AAWService.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[572]AAWService.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[572]AAWService.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[572]AAWService.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[572]AAWService.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[572]AAWService.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[572]AAWService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[572]AAWService.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[572]AAWService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[572]AAWService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[572]AAWService.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[572]AAWService.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[572]AAWService.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[572]AAWService.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[572]AAWService.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[572]AAWService.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[572]AAWService.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[572]AAWService.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[572]AAWService.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[572]AAWService.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[572]AAWService.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[572]AAWService.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[572]AAWService.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[572]AAWService.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[572]AAWService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[572]AAWService.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[572]AAWService.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[572]AAWService.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[572]AAWService.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[572]AAWService.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[572]AAWService.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x76BA30C3-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[6104]WmiPrvSE.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[6104]WmiPrvSE.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[6104]WmiPrvSE.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[6104]WmiPrvSE.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[620]csrss.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[620]csrss.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[620]csrss.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x77198008-->00000000 [unknown_code_page]
[620]csrss.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x77198048-->00000000 [unknown_code_page]
[620]csrss.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[620]csrss.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[620]csrss.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[620]csrss.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x77199438-->00000000 [unknown_code_page]
[620]csrss.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[620]csrss.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x77198428-->00000000 [unknown_code_page]
[620]csrss.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x77198CF8-->00000000 [unknown_code_page]
[620]csrss.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x77198F18-->00000000 [unknown_code_page]
[620]csrss.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x77199088-->00000000 [unknown_code_page]
[620]csrss.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x77199128-->00000000 [unknown_code_page]
[620]csrss.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[620]csrss.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[620]csrss.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[628]wininit.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[628]wininit.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[628]wininit.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[628]wininit.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[628]wininit.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[628]wininit.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[628]wininit.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[628]wininit.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[628]wininit.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[628]wininit.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[628]wininit.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[628]wininit.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[628]wininit.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[628]wininit.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[628]wininit.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[628]wininit.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[628]wininit.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[628]wininit.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[628]wininit.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[628]wininit.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[628]wininit.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[628]wininit.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[628]wininit.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[628]wininit.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[628]wininit.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[628]wininit.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[628]wininit.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[628]wininit.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[628]wininit.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[628]wininit.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[628]wininit.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[628]wininit.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[628]wininit.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[628]wininit.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[628]wininit.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[628]wininit.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[628]wininit.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[628]wininit.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[628]wininit.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[628]wininit.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[628]wininit.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[628]wininit.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[628]wininit.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[628]wininit.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[628]wininit.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[628]wininit.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[6344]SavUI.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[6344]SavUI.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[6344]SavUI.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[6344]SavUI.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[6344]SavUI.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[6344]SavUI.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[6344]SavUI.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x76BA30C3-->00000000 [unknown_code_page]
[6344]SavUI.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[6344]SavUI.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[6344]SavUI.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[6344]SavUI.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[6344]SavUI.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[6344]SavUI.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[6344]SavUI.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[6344]SavUI.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[6344]SavUI.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[6344]SavUI.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[6344]SavUI.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[6344]SavUI.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[6344]SavUI.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[6344]SavUI.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[6344]SavUI.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[6344]SavUI.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[6344]SavUI.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[6344]SavUI.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[6344]SavUI.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[6344]SavUI.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[6344]SavUI.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[6344]SavUI.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[6344]SavUI.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[6344]SavUI.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[6344]SavUI.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[6344]SavUI.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[6344]SavUI.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[6344]SavUI.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[6344]SavUI.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[6344]SavUI.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[6344]SavUI.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[6344]SavUI.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[6344]SavUI.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[6344]SavUI.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[6344]SavUI.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[6344]SavUI.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[6344]SavUI.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[6344]SavUI.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[6344]SavUI.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[6344]SavUI.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[6344]SavUI.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[6344]SavUI.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[6344]SavUI.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[6344]SavUI.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[6344]SavUI.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x76BA30C3-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[6364]wuauclt.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[6364]wuauclt.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[6364]wuauclt.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[6364]wuauclt.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[6364]wuauclt.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[6364]wuauclt.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[6364]wuauclt.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[6364]wuauclt.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[6364]wuauclt.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[6364]wuauclt.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[6364]wuauclt.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[6364]wuauclt.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[6364]wuauclt.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[6364]wuauclt.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[6364]wuauclt.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[6364]wuauclt.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[6364]wuauclt.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[668]services.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[668]services.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[668]services.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[668]services.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[668]services.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[668]services.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[668]services.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[668]services.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[668]services.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[668]services.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[668]services.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[668]services.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[668]services.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[668]services.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[668]services.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[668]services.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[668]services.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[668]services.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[668]services.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[668]services.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[668]services.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[668]services.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[668]services.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[668]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[668]services.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[668]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[668]services.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[668]services.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[668]services.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[668]services.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[668]services.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[668]services.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[668]services.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[668]services.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[668]services.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[668]services.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[668]services.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[668]services.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[668]services.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[668]services.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[668]services.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[668]services.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[668]services.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[668]services.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[668]services.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[668]services.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[700]lsass.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[700]lsass.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[700]lsass.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[700]lsass.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[700]lsass.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[700]lsass.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[700]lsass.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[700]lsass.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[700]lsass.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[700]lsass.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[700]lsass.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[700]lsass.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[700]lsass.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[700]lsass.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[700]lsass.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[700]lsass.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[700]lsass.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[700]lsass.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[700]lsass.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[700]lsass.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[700]lsass.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[700]lsass.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[700]lsass.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[700]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[700]lsass.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[700]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[700]lsass.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[700]lsass.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[700]lsass.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[700]lsass.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[700]lsass.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[700]lsass.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[700]lsass.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[700]lsass.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[700]lsass.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[700]lsass.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[700]lsass.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[700]lsass.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[700]lsass.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[700]lsass.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[700]lsass.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[700]lsass.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[700]lsass.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[700]lsass.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[700]lsass.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[700]lsass.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[708]winlogon.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[708]winlogon.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[708]winlogon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x77198008-->00000000 [unknown_code_page]
[708]winlogon.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x77198048-->00000000 [unknown_code_page]
[708]winlogon.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[708]winlogon.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[708]winlogon.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[708]winlogon.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - DirectJump 0x77199438-->00000000 [unknown_code_page]
[708]winlogon.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[708]winlogon.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x77198428-->00000000 [unknown_code_page]
[708]winlogon.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x77198CF8-->00000000 [unknown_code_page]
[708]winlogon.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x77198F18-->00000000 [unknown_code_page]
[708]winlogon.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x77199088-->00000000 [unknown_code_page]
[708]winlogon.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x77199128-->00000000 [unknown_code_page]
[708]winlogon.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[708]winlogon.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[708]winlogon.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[7136]jucheck.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[7136]jucheck.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[7136]jucheck.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[7136]jucheck.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[7136]jucheck.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[7136]jucheck.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[7136]jucheck.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x76BA30C3-->00000000 [unknown_code_page]
[7136]jucheck.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[7136]jucheck.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[7136]jucheck.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[7136]jucheck.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[7136]jucheck.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[7136]jucheck.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[7136]jucheck.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[7136]jucheck.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[7136]jucheck.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[7136]jucheck.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[7136]jucheck.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[7136]jucheck.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[7136]jucheck.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[7136]jucheck.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[7136]jucheck.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[7136]jucheck.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[7136]jucheck.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[7136]jucheck.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[7136]jucheck.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[7136]jucheck.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[7136]jucheck.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[7136]jucheck.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[7136]jucheck.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[7136]jucheck.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[7136]jucheck.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[7136]jucheck.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[7136]jucheck.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[7136]jucheck.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[7136]jucheck.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[7136]jucheck.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[7136]jucheck.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[7136]jucheck.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[7136]jucheck.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[7136]jucheck.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[7136]jucheck.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[7136]jucheck.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[7136]jucheck.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[7136]jucheck.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[7136]jucheck.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[7136]jucheck.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[7136]jucheck.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[7136]jucheck.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[7136]jucheck.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[7136]jucheck.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[7136]jucheck.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[744]lsm.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[744]lsm.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[744]lsm.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[744]lsm.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[744]lsm.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[744]lsm.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[744]lsm.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[744]lsm.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[744]lsm.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[744]lsm.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[744]lsm.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[744]lsm.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[744]lsm.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[744]lsm.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[744]lsm.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[744]lsm.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[744]lsm.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[744]lsm.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[744]lsm.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[744]lsm.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[744]lsm.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[744]lsm.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[744]lsm.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[744]lsm.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[744]lsm.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[744]lsm.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[744]lsm.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[744]lsm.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[744]lsm.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[744]lsm.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[744]lsm.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[744]lsm.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[744]lsm.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[744]lsm.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[744]lsm.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[744]lsm.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[744]lsm.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[744]lsm.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[744]lsm.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[744]lsm.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[744]lsm.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[744]lsm.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[744]lsm.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[896]svchost.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[896]svchost.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[896]svchost.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[896]svchost.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[896]svchost.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[896]svchost.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[896]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[896]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[896]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[896]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[896]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[896]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[896]svchost.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[896]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[896]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[896]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[896]svchost.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[896]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[896]svchost.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[896]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[896]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[896]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[896]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[896]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[896]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[896]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[896]svchost.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[896]svchost.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[896]svchost.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[896]svchost.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[956]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[956]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[956]svchost.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[956]svchost.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[956]svchost.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[956]svchost.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[956]svchost.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[956]svchost.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[956]svchost.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[956]svchost.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[956]svchost.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[956]svchost.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[956]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[956]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[956]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[956]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[956]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[956]svchost.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[956]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[956]svchost.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[956]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[956]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[956]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[956]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[956]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[956]svchost.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[956]svchost.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[956]svchost.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[956]svchost.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
strelok31
Regular Member
 
Posts: 45
Joined: October 30th, 2010, 5:31 pm

Re: Please help remove Malware from my PC

Unread postby deltalima » November 7th, 2010, 5:04 pm

Hi strelok31,

I get alerts from Symantec Anti-Virus and Spyware Doctor that the risks was blocked. The risk is called Downloader. Spyware Doctor called it Downloader.Generic.


If possible, please copy and paste the details from one of each of these alerts in your next reply.

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\Windows\System32\a3d.dll

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Please let me know if Malwarebytes' Anti-Malware is still installed on this computer, the uninstall list you posted does not show it installed but the RKU log shows that it has been recently run.

I must ask you not to install any software or make any changes to the computer unless I ask you to.

Please post the contents of the file

C:\Users\ilya\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-11-06 (10-33-46).txt in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 303 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware