Done. RKU and MBAM.
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF733E000 btkrnl.sys 1245184 bytes (WIDCOMM, Inc., Bluetooth Protocol Driver for Windows 2000)
0xF69CF000 C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF6927000 C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF7488000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBAC8B000 C:\WINDOWS\System32\DRIVERS\HSF_V124.sys 491520 bytes (Conexant, V124NT driver)
0xF6843000 C:\WINDOWS\system32\drivers\smwdm.sys 479232 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xEEBF7000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBADED000 C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys 393216 bytes (Conexant, K56NT driver)
0xF6799000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xBF9D6000 C:\WINDOWS\System32\ati2dvaa.dll 380928 bytes (ATI Technologies Inc., ATI RAGE 128 WindowsNT Display Driver)
0xF68CC000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 372736 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xEED1F000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBAD6E000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF6B5F000 C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys 327680 bytes (ATI Technologies Inc., ATI RAGE 128 Miniport Driver)
0xBAEBA000 C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys 290816 bytes (Conexant, Fallback driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBA707000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF675E000 C:\WINDOWS\system32\DRIVERS\NWADIenum.sys 241664 bytes (Novatel Wireless Inc, NWADI Interface Bus Enumerator)
0xF6AF1000 C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xBAF01000 C:\WINDOWS\system32\drivers\btslbcsp.sys 204800 bytes (WIDCOMM, Inc., Bluetooth Serial Driver for Windows 2000)
0xBAD3D000 C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys 200704 bytes (Conexant, FaxNT driver)
0xF7614000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF75D5000 SSIDRV.SYS 188416 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Interdiction Driver)
0xBAF83000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF75A8000 C:\WINDOWS\SYSTEM32\Drivers\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBA164000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEEC8F000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEECDC000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xEEBD1000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF681F000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6B27000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6ACE000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEECBA000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7551000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7589000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xBAE9D000 C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys 118784 bytes (Conexant, FSKsNT driver)
0xEED04000 C:\WINDOWS\system32\drivers\pwipf6.sys 110592 bytes (Privacyware/PWI, Inc., pwipf6)
0xF746E000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7571000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7528000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6808000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xBA956000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF68B8000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6B4B000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEED78000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7515000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF9C4000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBAD2B000 C:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys 73728 bytes (Conexant, SpkpNT driver)
0xF753F000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7603000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF67F7000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF4D17000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7703000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF78C3000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF6F39000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7713000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xECF12000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF3A13000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF76C3000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7743000 C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys 53248 bytes (Conexant, TonesNT driver)
0xF78D3000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF6F29000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF76A3000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF6F09000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76D3000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF39B3000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7723000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7693000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF6F19000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7683000 ssfs0bbc.sys 45056 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper FileSystem Filter Driver)
0xF7663000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF3A33000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF6EE9000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF76B3000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xED469000 C:\WINDOWS\system32\FsUsbExDisk.SYS 36864 bytes
0xED499000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF78A3000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF78B3000 C:\WINDOWS\system32\DRIVERS\LNE100V5.sys 36864 bytes (LinkSys Group Inc., Linksys LNE100TX(v5) Fast Ethernet Adapter NDIS5 Driver)
0xF6EF9000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF39E3000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA880000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7673000 SSHRMD.SYS 36864 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Mini Driver)
0xF2F66000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF791B000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF3579000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7953000 C:\WINDOWS\system32\DRIVERS\pctnullport.sys 32768 bytes (PCTEL Inc., Null-modem emulator)
0xF7913000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7923000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xED60F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF78EB000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF795B000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xED074000 C:\WINDOWS\system32\drivers\btserial.sys 24576 bytes
0xF793B000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7963000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF790B000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF3589000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF3599000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF3581000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78F3000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7943000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF794B000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF352B000 C:\WINDOWS\System32\Drivers\tcpipBM.SYS 20480 bytes (Bytemobile, Inc., Bytemobile Kernel Network Provider)
0xF78E3000 C:\WINDOWS\SYSTEM32\Drivers\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF4AD6000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xED91F000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xBABB3000 C:\WINDOWS\system32\GTNDIS5.SYS 16384 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 Protocol Driver)
0xF34DB000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7AEF000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF50E1000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF730A000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7A73000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF4D8A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xEEDDB000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBAF4B000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF50E5000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF72FE000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF2FBA000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 12288 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF34CB000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF34C3000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7B9B000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF7BA5000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7BA1000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B63000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF3563000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xED08E000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF3561000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B9F000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF7B9D000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF7BA3000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B97000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B65000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7D2D000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7DA5000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF3490000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7C2B000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7D2C000 C:\WINDOWS\system32\drivers\SENSUPGD.SYS 4096 bytes (Sensaura Ltd, Sensaura Upgrade)
0x86B47278 unknown_irp_handler 3464 bytes
0x86BA5360 unknown_irp_handler 3232 bytes
0x86B6E3C8 unknown_irp_handler 3128 bytes
0x86B923E0 unknown_irp_handler 3104 bytes
0x86BA1410 unknown_irp_handler 3056 bytes
0x86B936E0 unknown_irp_handler 2336 bytes
0x86B396E8 unknown_irp_handler 2328 bytes
0x86B4B710 unknown_irp_handler 2288 bytes
0x86B35718 unknown_irp_handler 2280 bytes
0x86B74788 unknown_irp_handler 2168 bytes
0x86B44880 unknown_irp_handler 1920 bytes
0x86B8A968 unknown_irp_handler 1688 bytes
!!!!!!!!!!!Hidden driver: 0x86F00AEA ?_empty_? 1302 bytes
0x86B51B10 unknown_irp_handler 1264 bytes
0x86879BA0 unknown_irp_handler 1120 bytes
0x86B72BF8 unknown_irp_handler 1032 bytes
0x86B70BF8 unknown_irp_handler 1032 bytes
0x86B38CF0 unknown_irp_handler 784 bytes
0x86B42CF0 unknown_irp_handler 784 bytes
0x86B80CF0 unknown_irp_handler 784 bytes
0x86B3FCF0 unknown_irp_handler 784 bytes
0x86B50CF0 unknown_irp_handler 784 bytes
0x86B58CF0 unknown_irp_handler 784 bytes
0x86F00D01 unknown_irp_handler 767 bytes
0x86B78E88 unknown_irp_handler 376 bytes
0x86B49E88 unknown_irp_handler 376 bytes
0x86BA8E88 unknown_irp_handler 376 bytes
0x86B5DE88 unknown_irp_handler 376 bytes
0x86B57E98 unknown_irp_handler 360 bytes
!!!!!!!!!!!Hidden driver: 0x86F713B0 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF7571000 WARNING: suspicious driver modification [atapi.sys::0x86F00AEA]
0x05DA0000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 1077248 bytes
0x05D40000 Hidden Image-->System.ServiceProcess.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 126976 bytes
0x0E740000 Hidden Image-->System.EnterpriseServices.Wrapper.dll [ EPROCESS 0x85D25918 ] PID: 2272, 126976 bytes
0x0E440000 Hidden Image-->System.Runtime.Serialization.Formatters.Soap.dll [ EPROCESS 0x85D25918 ] PID: 2272, 143360 bytes
0x035E0000 Hidden Image-->System.XML.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 2060288 bytes
0x04950000 Hidden Image-->System.EnterpriseServices.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 266240 bytes
0x046A0000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 270336 bytes
0x05310000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x85D25918 ] PID: 2272, 270336 bytes
0x06150000 Hidden Image-->log4net.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 282624 bytes
0x04370000 Hidden Image-->System.Data.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 2961408 bytes
0x08ED0000 Hidden Image-->System.Data.dll [ EPROCESS 0x85D25918 ] PID: 2272, 2961408 bytes
0x052A0000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 307200 bytes
0x03810000 Hidden Image-->System.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 3158016 bytes
0xF7673000 WARNING: Virus alike driver modification [SSHRMD.SYS], 36864 bytes
0x06D10000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 421888 bytes
0x03570000 Hidden Image-->System.configuration.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 438272 bytes
0x012D0000 Hidden Image-->Intuit.Spc.Foundations.Portability.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 471040 bytes
0x04790000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 479232 bytes
0x067A0000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 479232 bytes
0x05670000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 5033984 bytes
0x07050000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x85D25918 ] PID: 2272, 5033984 bytes
0x01240000 Hidden Image-->Intuit.Spc.Foundations.Primary.Logging.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 53248 bytes
0x05BD0000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 634880 bytes
0x01280000 Hidden Image-->Intuit.Spc.Foundations.Primary.ExceptionHandling.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 77824 bytes
0x042A0000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x86B0B540 ] PID: 1888, 778240 bytes
0x07690000 Hidden Image-->System.Web.Services.dll [ EPROCESS 0x85D25918 ] PID: 2272, 847872 bytes
0x034E0000 Hidden Image-->Intuit.Spc.Foundations.Primary.Config.dll [ EPROCESS 0x86B0B540 ] PID: 1888, 86016 bytes
0x06600000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x86B0B540 ] PID: 1888, 872448 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B6FC, Type: Inline - RelativeJump 0x804E26FC-->804E26AD [ntoskrnl.exe]
ntoskrnl.exe+0x0000B988, Type: Inline - RelativeCall 0x804E2988-->CED52238 [unknown_code_page]
ntoskrnl.exe+0x0000B9F0, Type: Inline - RelativeJump 0x804E29F0-->804E29E3 [ntoskrnl.exe]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xEED5E460-->86F8AA08 [unknown_code_page]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xF2F6BB1C-->86F8A910 [unknown_code_page]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF2F6BB28-->86F8AA08 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1060]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1060]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1060]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1060]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1060]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1060]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1060]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1060]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1060]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1060]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1060]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1060]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1060]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1060]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1060]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1060]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1152]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1152]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1152]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1152]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1152]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1152]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1152]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1152]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1152]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1152]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1152]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1152]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1152]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1152]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1152]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1292]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1292]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1292]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1292]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1292]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1292]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1292]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1292]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1292]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1292]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1292]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1292]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1292]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1292]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1292]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1292]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1356]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1356]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1356]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1356]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1356]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1356]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1356]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1356]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1356]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1356]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1356]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1356]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1356]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1356]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1356]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1356]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1620]spoolsv.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1620]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1620]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1620]spoolsv.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1620]spoolsv.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1620]spoolsv.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1620]spoolsv.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1620]spoolsv.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1620]spoolsv.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1620]spoolsv.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1620]spoolsv.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1620]spoolsv.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1620]spoolsv.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1620]spoolsv.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1620]spoolsv.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1620]spoolsv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[164]RDVCHG.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[164]RDVCHG.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[164]RDVCHG.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[164]RDVCHG.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[164]RDVCHG.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[164]RDVCHG.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[164]RDVCHG.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[164]RDVCHG.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[164]RDVCHG.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[164]RDVCHG.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[164]RDVCHG.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[164]RDVCHG.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[164]RDVCHG.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[164]RDVCHG.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[164]RDVCHG.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[164]RDVCHG.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1656]SSU.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1656]SSU.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1656]SSU.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1656]SSU.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1656]SSU.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1656]SSU.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1656]SSU.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1656]SSU.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1656]SSU.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1656]SSU.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1656]SSU.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [SSU.exe]
[1656]SSU.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1656]SSU.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1656]SSU.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1656]SSU.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1656]SSU.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [SSU.exe]
[1656]SSU.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1656]SSU.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [SSU.exe]
[1656]SSU.exe-->kernel32.dll-->VirtualFree, Type: Inline - RelativeJump 0x7C809B84-->00000000 [SSU.exe]
[1656]SSU.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [SSU.exe]
[1656]SSU.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E485-->00000000 [SSU.exe]
[1656]SSU.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1704]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1704]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1704]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1704]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1704]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1704]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1704]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1704]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1704]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1704]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1704]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1704]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1704]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1704]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1704]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1704]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1740]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1740]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1740]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1740]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1740]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1740]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1740]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1740]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1740]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1740]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1740]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1740]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1740]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1740]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1740]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1740]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1760]btwdins.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1760]btwdins.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1760]btwdins.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1760]btwdins.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1760]btwdins.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1760]btwdins.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1760]btwdins.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1760]btwdins.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1760]btwdins.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1760]btwdins.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1760]btwdins.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1760]btwdins.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1760]btwdins.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1760]btwdins.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1760]btwdins.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1760]btwdins.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1784]WLService.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1784]WLService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1784]WLService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1784]WLService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1784]WLService.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1784]WLService.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1784]WLService.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1784]WLService.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1784]WLService.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1784]WLService.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1784]WLService.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1784]WLService.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1784]WLService.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1784]WLService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1784]WLService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1784]WLService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1816]WLanCfgG.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1816]WLanCfgG.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1816]WLanCfgG.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1816]WLanCfgG.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1816]WLanCfgG.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1816]WLanCfgG.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1816]WLanCfgG.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1816]WLanCfgG.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1816]WLanCfgG.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1816]WLanCfgG.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1816]WLanCfgG.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1816]WLanCfgG.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1816]WLanCfgG.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1816]WLanCfgG.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1816]WLanCfgG.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1816]WLanCfgG.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1828]FsUsbExService.Exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1828]FsUsbExService.Exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1828]FsUsbExService.Exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1828]FsUsbExService.Exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1828]FsUsbExService.Exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1828]FsUsbExService.Exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1828]FsUsbExService.Exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1828]FsUsbExService.Exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1828]FsUsbExService.Exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1828]FsUsbExService.Exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1828]FsUsbExService.Exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1828]FsUsbExService.Exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1828]FsUsbExService.Exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1828]FsUsbExService.Exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1828]FsUsbExService.Exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1828]FsUsbExService.Exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1868]ijplmsvc.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1868]ijplmsvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1868]ijplmsvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1868]ijplmsvc.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1868]ijplmsvc.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1868]ijplmsvc.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1868]ijplmsvc.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1868]ijplmsvc.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1868]ijplmsvc.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1868]ijplmsvc.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1868]ijplmsvc.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1868]ijplmsvc.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1868]ijplmsvc.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1868]ijplmsvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1868]ijplmsvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1868]ijplmsvc.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1888]IntuitUpdateService.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1888]IntuitUpdateService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1888]IntuitUpdateService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1888]IntuitUpdateService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1888]IntuitUpdateService.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1888]IntuitUpdateService.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1888]IntuitUpdateService.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1888]IntuitUpdateService.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1888]IntuitUpdateService.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1888]IntuitUpdateService.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1888]IntuitUpdateService.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1888]IntuitUpdateService.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1888]IntuitUpdateService.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1888]IntuitUpdateService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1888]IntuitUpdateService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1888]IntuitUpdateService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1920]jqs.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1920]jqs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1920]jqs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1920]jqs.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1920]jqs.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1920]jqs.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1920]jqs.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1920]jqs.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1920]jqs.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1920]jqs.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1920]jqs.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1920]jqs.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1920]jqs.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1920]jqs.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1920]jqs.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1920]jqs.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[2032]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[2032]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[2032]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[2032]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[2032]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[2032]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[2032]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[2032]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[2032]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[2032]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[2032]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[2032]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[2032]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[2032]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[2032]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[2032]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[2272]SpySweeperUI.exe-->kernel32.dll+0x000106F1, Type: Inline - RelativeJump 0x7C8106F1-->00000000 [kernel32.dll]
[2520]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2520]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[2520]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[2520]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[2520]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2520]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[2520]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[2520]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[2520]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[2520]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[2520]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[2520]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[2520]iexplore.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2520]iexplore.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2520]iexplore.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2520]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2520]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2520]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2520]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2520]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[2520]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[2520]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[2520]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[2520]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E42B3C6-->00000000 [ieframe.dll]
[2520]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[2520]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[2520]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[2520]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[2520]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[2520]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2520]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[2520]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[2520]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[2520]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[2520]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[2520]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[2520]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[2520]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [ieframe.dll]
[2520]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [ieframe.dll]
[256]SpySweeper.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[256]SpySweeper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[256]SpySweeper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[256]SpySweeper.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[256]SpySweeper.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[256]SpySweeper.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[256]SpySweeper.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[256]SpySweeper.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[256]SpySweeper.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[256]SpySweeper.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[256]SpySweeper.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[256]SpySweeper.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[256]SpySweeper.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[256]SpySweeper.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[256]SpySweeper.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[256]SpySweeper.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[2808]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2808]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[2808]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[2808]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[2808]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2808]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[2808]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[2808]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[2808]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[2808]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[2808]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[2808]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[2808]iexplore.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2808]iexplore.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2808]iexplore.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2808]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2808]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2808]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2808]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2808]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[2808]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[2808]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[2808]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[2808]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[2808]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[2808]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[2808]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[2808]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[2808]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2808]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[2808]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[2808]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[2808]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[2808]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[2808]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[2808]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[3056]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[3056]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[3056]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[3056]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[3056]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[3056]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[3056]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[3056]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[3056]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[3056]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[3056]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[3056]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[3056]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[3056]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[3056]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[3056]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[3608]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3608]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3608]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[3608]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3608]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3608]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3608]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3608]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3612]explorer.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[3612]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[3612]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[3612]explorer.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[3612]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3612]explorer.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[3612]explorer.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[3612]explorer.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[3612]explorer.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[3612]explorer.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[3612]explorer.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[3612]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3612]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[3612]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3612]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3612]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3612]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3612]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3612]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3612]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3612]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[380]BJMYPRT.EXE-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[380]BJMYPRT.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[380]BJMYPRT.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[380]BJMYPRT.EXE-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[380]BJMYPRT.EXE-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[380]BJMYPRT.EXE-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[380]BJMYPRT.EXE-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[380]BJMYPRT.EXE-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[380]BJMYPRT.EXE-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[380]BJMYPRT.EXE-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[380]BJMYPRT.EXE-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[380]BJMYPRT.EXE-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[380]BJMYPRT.EXE-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[380]BJMYPRT.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[380]BJMYPRT.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[380]BJMYPRT.EXE-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[3912]jusched.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[3912]jusched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[3912]jusched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[3912]jusched.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[3912]jusched.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[3912]jusched.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[3912]jusched.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[3912]jusched.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[3912]jusched.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[3912]jusched.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[3912]jusched.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[3912]jusched.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[3912]jusched.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[3912]jusched.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[3912]jusched.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[3912]jusched.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[4036]rundll32.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[4036]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[4036]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[4036]rundll32.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[4036]rundll32.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[4036]rundll32.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[4036]rundll32.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[4036]rundll32.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[4036]rundll32.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[4036]rundll32.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[4036]rundll32.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[4036]rundll32.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[4036]rundll32.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[4036]rundll32.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[4036]rundll32.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[4036]rundll32.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[676]winlogon.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[676]winlogon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[676]winlogon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[676]winlogon.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[676]winlogon.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[676]winlogon.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[676]winlogon.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[676]winlogon.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[676]winlogon.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[676]winlogon.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[676]winlogon.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[676]winlogon.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[676]winlogon.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[676]winlogon.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[676]winlogon.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[676]winlogon.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[724]services.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[724]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[724]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[724]services.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[724]services.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[724]services.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[724]services.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[724]services.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[724]services.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[724]services.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[724]services.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[724]services.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[724]services.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[724]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[724]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[724]services.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[736]lsass.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[736]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[736]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[736]lsass.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[736]lsass.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[736]lsass.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[736]lsass.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[736]lsass.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[736]lsass.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[736]lsass.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[736]lsass.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[736]lsass.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[736]lsass.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[736]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[736]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[736]lsass.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[840]alg.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[840]alg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[840]alg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[840]alg.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[840]alg.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[840]alg.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[840]alg.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[840]alg.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[840]alg.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[840]alg.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[840]alg.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[840]alg.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[840]alg.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[840]alg.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[840]alg.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[840]alg.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[888]WRConsumerService.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[888]WRConsumerService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[888]WRConsumerService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[888]WRConsumerService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[888]WRConsumerService.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[888]WRConsumerService.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[888]WRConsumerService.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[888]WRConsumerService.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[888]WRConsumerService.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[888]WRConsumerService.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[888]WRConsumerService.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[888]WRConsumerService.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[888]WRConsumerService.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[888]WRConsumerService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[888]WRConsumerService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[888]WRConsumerService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[904]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[904]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[904]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[904]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[904]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[904]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[904]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[904]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[904]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[904]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[904]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[904]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[904]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[904]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[904]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[904]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[988]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[988]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[988]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[988]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[988]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[988]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/23/2010 7:27:22 PM
mbam-log-2010-06-23 (19-27-22).txt
Scan type: Quick scan
Objects scanned: 137168
Time elapsed: 17 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)