Welcome to MalwareRemoval.com. What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use, are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Computer crashing issues (possibly rootkit related)


Re: Computer crashing issues (possibly rootkit related)

Post by norp » June 29th, 2010, 10:09 am

Hi deltalima,
Here's the Rootkit Unhooker log; it reported that there were possible infections. It took me 3 complete runs before being able to save the logfile, so I haven't started the GMER scan again yet.

Rootkit Unhooker log

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xB59B4000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10235904 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 197.45 )

0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6434816 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 197.45 )

0xAE3DB000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4227072 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT kjerne og system)

0x804D7000 PnpManager 2150400 bytes

0x804D7000 RAW 2150400 bytes

0x804D7000 WMIxWDM 2150400 bytes

0xBF800000 Win32k 1851392 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Win32-driver for flere brukere)

0xB7DCB000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xA87EE000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)

0xAE1D0000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB578E000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xAE303000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xB58EE000 C:\WINDOWS\system32\DRIVERS\RT61.sys 356352 bytes (Ralink Technology Inc., Ralink 802.11 Wireless Adapter Driver)

0xA81EB000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xB587B000 C:\WINDOWS\System32\DRIVERS\NVNRM.SYS 307200 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xA7977000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xB7E6F000 PCTCore.sys 233472 bytes (PC Tools, PC Tools KDS Core Driver)

0xB5844000 C:\WINDOWS\System32\DRIVERS\NVSNPU.SYS 225280 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)

0xB57EC000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI-driver for NT)

0xA836B000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xB7D9E000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xAE240000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xB58C6000 C:\WINDOWS\System32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xAE2DB000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xB7F03000 dmio.sys 155648 bytes (Microsoft Corporation, VERITAS Software, NT Disk Manager I/U-driver)

0xAE2B5000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xAE3B7000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xB5968000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xB5945000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xA7DE6000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))

0xAE26B000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E4000 ACPI_HAL 134400 bytes

0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xB7F59000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xB7F29000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT-diskdriver)

0xB7D84000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xA87D5000 C:\WINDOWS\System32\Drivers\dump_nvata.sys 102400 bytes

0xB7ED2000 nvata.sys 102400 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) IDE Performance Driver)

0xB7EEB000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xB7EBA000 C:\WINDOWS\System32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xB7E58000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xB582D000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xA84D0000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xB598C000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Driver for parallell port)

0xB59A0000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xAE35C000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xB7EA8000 sr.sys 73728 bytes (Microsoft Corporation, Filsystemfilterdriver for Systemgjenoppretting)

0xA8332000 C:\WINDOWS\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)

0xB7F48000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI-enumerator)

0xB581C000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xA9522000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xB7683000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xB80A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0xB76A3000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Driver for serielle enheter)

0xB1482000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xB7673000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio filterdriver)

0xB8268000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xB0958000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xB80B8000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0xB8118000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xB7663000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volumdriver for skyggekopi)

0xA9532000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0xB8288000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xB0908000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS-kryptografidriver)

0xB7693000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xB80F8000 jraid.sys 45056 bytes (JMicron Technology Corp., JMicron JMB36X RAID Driver)

0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xB8278000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xB82B8000 C:\WINDOWS\system32\DRIVERS\tap0801.sys 45056 bytes (The OpenVPN Project, TAP-Win32 Virtual Network Driver)

0xB76B3000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Prosessorenhetsdriver)

0xB80C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA-bussdriver)

0xB82D8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xB82A8000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xB8108000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xA9542000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xB8298000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xB0938000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xB0275000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xB82C8000 C:\WINDOWS\System32\DRIVERS\NVENETFD.sys 36864 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)

0xB0928000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xA959A000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)

0xB055B000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xB054B000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xB8340000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xB84A8000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xB0E42000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xA95A2000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)

0xB8328000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xA91D2000 C:\Programfiler\Spyware Doctor\PCTSDInj32.sys 28672 bytes

0xB8380000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Driver for tastaturklasse)

0xB8388000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Driver for musklasse)

0xB83A0000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)

0xB056B000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xB0E5A000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)

0xB0563000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xB8370000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xB8378000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)

0xB8368000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xB84B0000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)

0xA91CA000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xAA1A1000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID-musfilterdriver)

0xB8578000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xAA4CE000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xB8558000 C:\WINDOWS\System32\DRIVERS\nvnetbus.sys 16384 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)

0xB7741000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xA9B8B000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xB7739000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)

0xAA1A9000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xAA19D000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID-musfilterdriver)

0xB855C000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xB05DA000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xB05C2000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)

0xB860E000 C:\WINDOWS\System32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)

0xB8604000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xB85DC000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xB8602000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xB85AE000 JGOGO.sys 8192 bytes (JMicron , SCSI Port upper filter driver)

0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xB8606000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xB861A000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM parallelldriver)

0xB8608000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xB8610000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xB8600000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xB85AA000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xB8724000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xA8C93000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xAFFA5000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generisk PCI IDE-bussdriver)

==============================================

>Stealth

==============================================

0x88A75914 Unknown page with executable code, 1772 bytes

0x88A7A78F Unknown page with executable code, 2161 bytes

0x88A73702 Unknown page with executable code, 2302 bytes

0x88A5B66A Unknown page with executable code, 2454 bytes

0x88A7C48A Unknown page with executable code, 2934 bytes

0x88A09453 Unknown page with executable code, 2989 bytes

0x88A74373 Unknown page with executable code, 3213 bytes

0x88A8C136 Unknown page with executable code, 3786 bytes

0x88A440AD Unknown page with executable code, 3923 bytes

0x88A8CE4C Unknown page with executable code, 436 bytes

0x88A73E14 Unknown page with executable code, 492 bytes

0x88C0651C Unknown thread object [ ETHREAD 0x89B11DA8 ] , 600 bytes

0x88A2C641 Unknown thread object [ ETHREAD 0x89292DA8 ] , 600 bytes

==============================================

>Files

==============================================

!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\applets.zip

!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\COPYRIGHT

!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\demos.zip

!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\javadb.msi

!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\jre.msi

!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\jre1041.MST

!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\jre2052.MST

!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\RegUtils

!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\src.zip

!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\tools.zip

!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\zipper.exe

!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\TEMPLATEWIZARD2$FORMLISTENER.CLASS0\sym.sdupk

!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\TOOLS.ZI-33bc\jvmti.h

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x0002D570, Type: Inline - RelativeJump 0x80504570-->D7E2902E [unknown_code_page]

ntkrnlpa.exe+0x0002D76C, Type: Inline - RelativeJump 0x8050476C-->E2A8E42A [unknown_code_page]

ntkrnlpa.exe+0x0006ECAE, Type: Inline - RelativeJump 0x80545CAE-->80545CB5 [ntkrnlpa.exe]

[1000]lsass.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[1000]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1000]lsass.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[1000]lsass.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[1000]lsass.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[1000]lsass.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1000]lsass.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[1000]lsass.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[1000]lsass.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1000]lsass.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[1000]lsass.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[1000]lsass.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[1000]lsass.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1124]PrintCtrl.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[1124]PrintCtrl.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1124]PrintCtrl.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[1124]PrintCtrl.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[1124]PrintCtrl.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[1124]PrintCtrl.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1124]PrintCtrl.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[1124]PrintCtrl.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[1124]PrintCtrl.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1124]PrintCtrl.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[1124]PrintCtrl.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[1124]PrintCtrl.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[1124]PrintCtrl.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1152]nvsvc32.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[1152]nvsvc32.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1152]nvsvc32.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[1152]nvsvc32.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[1152]nvsvc32.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[1152]nvsvc32.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1152]nvsvc32.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[1152]nvsvc32.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[1152]nvsvc32.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1152]nvsvc32.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[1152]nvsvc32.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[1152]nvsvc32.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[1152]nvsvc32.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1188]pctsTray.exe-->kernel32.dll+0x000106F1, Type: Inline - PushRet 0x7C8106F1-->00000000 [unknown_code_page]

[1188]pctsTray.exe-->wsock32.dll-->recv, Type: IAT modification 0x004C22F0-->00000000 [wsock32.dll]

[1188]pctsTray.exe-->wsock32.dll-->recvfrom, Type: IAT modification 0x004C22EC-->00000000 [wsock32.dll]

[1188]pctsTray.exe-->wsock32.dll-->setsockopt, Type: IAT modification 0x004C22DC-->00000000 [wsock32.dll]

[1192]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[1192]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1192]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[1192]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[1192]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[1192]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1192]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[1192]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[1192]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1192]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[1192]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[1192]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[1192]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1244]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[1244]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1244]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[1244]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[1244]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[1244]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1244]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[1244]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[1244]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1244]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[1244]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[1244]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[1244]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1284]NMBgMonitor.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[1284]NMBgMonitor.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1284]NMBgMonitor.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[1284]NMBgMonitor.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[1284]NMBgMonitor.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[1284]NMBgMonitor.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1284]NMBgMonitor.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[1284]NMBgMonitor.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[1284]NMBgMonitor.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1284]NMBgMonitor.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[1284]NMBgMonitor.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[1284]NMBgMonitor.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[1284]NMBgMonitor.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1284]NMBgMonitor.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]

[1284]NMBgMonitor.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]

[1284]NMBgMonitor.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]

[1284]NMBgMonitor.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]

[1292]ctfmon.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[1292]ctfmon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1292]ctfmon.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[1292]ctfmon.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[1292]ctfmon.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[1292]ctfmon.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1292]ctfmon.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[1292]ctfmon.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[1292]ctfmon.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1292]ctfmon.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[1292]ctfmon.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[1292]ctfmon.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[1292]ctfmon.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1292]ctfmon.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]

[1292]ctfmon.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]

[1292]ctfmon.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]

[1292]ctfmon.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]

[1340]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[1340]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1340]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[1340]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[1340]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[1340]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1340]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[1340]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[1340]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1340]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[1340]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[1340]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[1340]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1492]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[1492]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1492]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[1492]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[1492]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[1492]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1492]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[1492]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[1492]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1492]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[1492]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[1492]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[1492]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1500]pctsAuxs.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[1500]pctsAuxs.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1500]pctsAuxs.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[1500]pctsAuxs.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[1500]pctsAuxs.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[1500]pctsAuxs.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1500]pctsAuxs.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[1500]pctsAuxs.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[1500]pctsAuxs.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1500]pctsAuxs.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[1500]pctsAuxs.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[1500]pctsAuxs.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[1500]pctsAuxs.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1536]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[1536]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1536]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[1536]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[1536]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[1536]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1536]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[1536]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[1536]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1536]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[1536]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[1536]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[1536]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1588]pctsSvc.exe-->wsock32.dll-->recv, Type: IAT modification 0x004E7590-->00000000 [wsock32.dll]

[1588]pctsSvc.exe-->wsock32.dll-->recvfrom, Type: IAT modification 0x004E758C-->00000000 [wsock32.dll]

[1588]pctsSvc.exe-->wsock32.dll-->setsockopt, Type: IAT modification 0x004E757C-->00000000 [wsock32.dll]

[1636]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[1636]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1636]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[1636]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[1636]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[1636]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1636]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[1636]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[1636]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1636]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[1636]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[1636]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[1636]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1812]spoolsv.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[1812]spoolsv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1812]spoolsv.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[1812]spoolsv.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[1812]spoolsv.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[1812]spoolsv.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1812]spoolsv.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[1812]spoolsv.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[1812]spoolsv.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1812]spoolsv.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[1812]spoolsv.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[1812]spoolsv.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[1812]spoolsv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1988]jqs.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[1988]jqs.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[1988]jqs.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[1988]jqs.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[1988]jqs.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[1988]jqs.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[1988]jqs.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[1988]jqs.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[1988]jqs.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[1988]jqs.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[1988]jqs.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[1988]jqs.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[1988]jqs.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1988]jqs.exe-->ws2_32.dll-->WSACloseEvent, Type: IAT modification 0x004172A8-->00000000 [ws2_32.dll]

[1988]jqs.exe-->ws2_32.dll-->WSACreateEvent, Type: IAT modification 0x004172E8-->00000000 [ws2_32.dll]

[1988]jqs.exe-->ws2_32.dll-->WSAEventSelect, Type: IAT modification 0x004172C0-->00000000 [ws2_32.dll]

[1988]jqs.exe-->ws2_32.dll-->WSAResetEvent, Type: IAT modification 0x004172E4-->00000000 [ws2_32.dll]

[1988]jqs.exe-->ws2_32.dll-->WSASetEvent, Type: IAT modification 0x004172DC-->00000000 [ws2_32.dll]

[1988]jqs.exe-->ws2_32.dll-->WSAWaitForMultipleEvents, Type: IAT modification 0x004172E0-->00000000 [ws2_32.dll]

[2036]BDTUpdateService.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[2036]BDTUpdateService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[2036]BDTUpdateService.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[2036]BDTUpdateService.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[2036]BDTUpdateService.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[2036]BDTUpdateService.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[2036]BDTUpdateService.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[2036]BDTUpdateService.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[2036]BDTUpdateService.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[2036]BDTUpdateService.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[2036]BDTUpdateService.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[2036]BDTUpdateService.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[2036]BDTUpdateService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[2180]sqlbrowser.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[2180]sqlbrowser.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[2180]sqlbrowser.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[2180]sqlbrowser.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[2180]sqlbrowser.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[2180]sqlbrowser.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[2180]sqlbrowser.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[2180]sqlbrowser.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[2180]sqlbrowser.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[2180]sqlbrowser.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[2180]sqlbrowser.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[2180]sqlbrowser.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[2180]sqlbrowser.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[2180]sqlbrowser.exe-->ws2_32.dll-->WSAEnumProtocolsW, Type: IAT modification 0x010012A0-->00000000 [ws2_32.dll]

[2180]sqlbrowser.exe-->ws2_32.dll-->WSARecvFrom, Type: IAT modification 0x0100129C-->00000000 [ws2_32.dll]

[2180]sqlbrowser.exe-->ws2_32.dll-->WSASendTo, Type: IAT modification 0x010012B4-->00000000 [ws2_32.dll]

[2180]sqlbrowser.exe-->ws2_32.dll-->WSASocketW, Type: IAT modification 0x01001298-->00000000 [ws2_32.dll]

[2212]sqlwriter.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[2212]sqlwriter.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[2212]sqlwriter.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[2212]sqlwriter.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[2212]sqlwriter.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[2212]sqlwriter.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[2212]sqlwriter.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[2212]sqlwriter.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[2212]sqlwriter.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[2212]sqlwriter.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[2212]sqlwriter.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[2212]sqlwriter.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[2212]sqlwriter.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[2520]wscntfy.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[2520]wscntfy.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[2520]wscntfy.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[2520]wscntfy.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[2520]wscntfy.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[2520]wscntfy.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[2520]wscntfy.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[2520]wscntfy.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[2520]wscntfy.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[2520]wscntfy.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[2520]wscntfy.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[2520]wscntfy.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[2520]wscntfy.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[2520]wscntfy.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]

[2520]wscntfy.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]

[2520]wscntfy.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]

[2520]wscntfy.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]

[284]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DC1218-->00000000 [shimeng.dll]

[284]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]

[284]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]

[284]explorer.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[284]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[284]explorer.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[284]explorer.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[284]explorer.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[284]explorer.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[284]explorer.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[284]explorer.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[284]explorer.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[284]explorer.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[284]explorer.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[284]explorer.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[284]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[284]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]

[284]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]

[284]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x40B414B0-->00000000 [shimeng.dll]

[284]explorer.exe-->wsock32.dll+0x00001064, Type: Inline - RelativeJump 0x01771064-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000111F, Type: Inline - RelativeCall 0x0177111F-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000113F, Type: Inline - PushRet 0x0177113F-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001188, Type: Inline - RelativeCall 0x01771188-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001199, Type: Inline - PushRet 0x01771199-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000119A, Type: Inline - RelativeJump 0x0177119A-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000011A4, Type: Inline - RelativeCall 0x017711A4-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000011BB, Type: Inline - RelativeJump 0x017711BB-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000011D3, Type: Inline - PushRet 0x017711D3-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000011DC, Type: Inline - RelativeCall 0x017711DC-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001200, Type: Inline - RelativeJump 0x01771200-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001216, Type: Inline - RelativeJump 0x01771216-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000124D, Type: Inline - RelativeJump 0x0177124D-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000125B, Type: Inline - RelativeJump 0x0177125B-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001264, Type: Inline - RelativeCall 0x01771264-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000126B, Type: Inline - RelativeJump 0x0177126B-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001272, Type: Inline - RelativeJump 0x01771272-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001284, Type: Inline - RelativeCall 0x01771284-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001290, Type: Inline - RelativeCall 0x01771290-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000012FE, Type: Inline - RelativeJump 0x017712FE-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001313, Type: Inline - RelativeJump 0x01771313-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001330, Type: Inline - RelativeCall 0x01771330-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000133C, Type: Inline - RelativeCall 0x0177133C-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001356, Type: Inline - PushRet 0x01771356-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001359, Type: Inline - RelativeJump 0x01771359-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001366, Type: Inline - RelativeJump 0x01771366-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000139C, Type: Inline - RelativeJump 0x0177139C-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000013AC, Type: Inline - RelativeJump 0x017713AC-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000013C1, Type: Inline - RelativeJump 0x017713C1-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000013EA, Type: Inline - RelativeJump 0x017713EA-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000142C, Type: Inline - RelativeJump 0x0177142C-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000145B, Type: Inline - RelativeJump 0x0177145B-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000146A, Type: Inline - RelativeCall 0x0177146A-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000014A1, Type: Inline - RelativeJump 0x017714A1-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000014AC, Type: Inline - PushRet 0x017714AC-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000014CF, Type: Inline - RelativeCall 0x017714CF-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000014D4, Type: Inline - RelativeCall 0x017714D4-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000014DD, Type: Inline - PushRet 0x017714DD-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000014F6, Type: Inline - RelativeCall 0x017714F6-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001503, Type: Inline - PushRet 0x01771503-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000150A, Type: Inline - RelativeCall 0x0177150A-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001511, Type: Inline - PushRet 0x01771511-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001512, Type: Inline - RelativeJump 0x01771512-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001545, Type: Inline - RelativeJump 0x01771545-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001582, Type: Inline - RelativeJump 0x01771582-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000159C, Type: Inline - RelativeCall 0x0177159C-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000015A6, Type: Inline - RelativeJump 0x017715A6-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000015AA, Type: Inline - RelativeCall 0x017715AA-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000015DE, Type: Inline - RelativeCall 0x017715DE-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000015EA, Type: Inline - PushRet 0x017715EA-->00000000 [kernel32.dll]

[284]explorer.exe-->wsock32.dll+0x000015FA, Type: Inline - RelativeJump 0x017715FA-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001607, Type: Inline - RelativeJump 0x01771607-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000161A, Type: Inline - RelativeCall 0x0177161A-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001632, Type: Inline - RelativeCall 0x01771632-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001637, Type: Inline - PushRet 0x01771637-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000163A, Type: Inline - RelativeCall 0x0177163A-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000166B, Type: Inline - RelativeCall 0x0177166B-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001672, Type: Inline - RelativeJump 0x01771672-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000168C, Type: Inline - RelativeCall 0x0177168C-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001698, Type: Inline - PushRet 0x01771698-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000169E, Type: Inline - RelativeJump 0x0177169E-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000016B0, Type: Inline - RelativeJump 0x017716B0-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000016EA, Type: Inline - RelativeCall 0x017716EA-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000016FA, Type: Inline - PushRet 0x017716FA-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001703, Type: Inline - RelativeJump 0x01771703-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001718, Type: Inline - PushRet 0x01771718-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001719, Type: Inline - RelativeJump 0x01771719-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001727, Type: Inline - RelativeJump 0x01771727-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000177D, Type: Inline - RelativeJump 0x0177177D-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000017B7, Type: Inline - SEH 0x017717B7 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000017B8, Type: Inline - RelativeCall 0x017717B8-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001806, Type: Inline - RelativeCall 0x01771806-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000180E, Type: Inline - RelativeJump 0x0177180E-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001827, Type: Inline - PushRet 0x01771827-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000183D, Type: Inline - RelativeJump 0x0177183D-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000187F, Type: Inline - PushRet 0x0177187F-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001884, Type: Inline - RelativeCall 0x01771884-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001891, Type: Inline - RelativeCall 0x01771891-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000018B8, Type: Inline - RelativeJump 0x017718B8-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000018CD, Type: Inline - RelativeJump 0x017718CD-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001904, Type: Inline - SEH 0x01771904 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001905, Type: Inline - RelativeCall 0x01771905-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001916, Type: Inline - PushRet 0x01771916-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000191E, Type: Inline - RelativeCall 0x0177191E-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000192F, Type: Inline - PushRet 0x0177192F-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001937, Type: Inline - RelativeCall 0x01771937-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001943, Type: Inline - PushRet 0x01771943-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000194F, Type: Inline - RelativeCall 0x0177194F-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001966, Type: Inline - RelativeCall 0x01771966-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001970, Type: Inline - RelativeJump 0x01771970-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001983, Type: Inline - RelativeJump 0x01771983-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000199E, Type: Inline - PushRet 0x0177199E-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000019A3, Type: Inline - RelativeJump 0x017719A3-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000019B4, Type: Inline - RelativeCall 0x017719B4-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000019B9, Type: Inline - SEH 0x017719B9 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000019BA, Type: Inline - RelativeCall 0x017719BA-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000019C4, Type: Inline - RelativeCall 0x017719C4-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000019D4, Type: Inline - RelativeJump 0x017719D4-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000019EC, Type: Inline - PushRet 0x017719EC-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000019EF, Type: Inline - RelativeCall 0x017719EF-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001A28, Type: Inline - RelativeJump 0x01771A28-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001A69, Type: Inline - RelativeJump 0x01771A69-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001A76, Type: Inline - RelativeCall 0x01771A76-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001A7E, Type: Inline - RelativeJump 0x01771A7E-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001AD3, Type: Inline - PushRet 0x01771AD3-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001B4C, Type: Inline - RelativeCall 0x01771B4C-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001BB0, Type: Inline - RelativeJump 0x01771BB0-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001BC1, Type: Inline - RelativeCall 0x01771BC1-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001BD1, Type: Inline - PushRet 0x01771BD1-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001BFE, Type: Inline - RelativeJump 0x01771BFE-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001C26, Type: Inline - RelativeJump 0x01771C26-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001C33, Type: Inline - RelativeJump 0x01771C33-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001C4A, Type: Inline - PushRet 0x01771C4A-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001C79, Type: Inline - PushRet 0x01771C79-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001C8A, Type: Inline - RelativeJump 0x01771C8A-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001C91, Type: Inline - RelativeCall 0x01771C91-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001C98, Type: Inline - RelativeJump 0x01771C98-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001CA5, Type: Inline - RelativeCall 0x01771CA5-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001CF9, Type: Inline - RelativeCall 0x01771CF9-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001D00, Type: Inline - RelativeJump 0x01771D00-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001D36, Type: Inline - RelativeCall 0x01771D36-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001DA7, Type: Inline - RelativeCall 0x01771DA7-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001DB2, Type: Inline - RelativeCall 0x01771DB2-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001DBF, Type: Inline - RelativeCall 0x01771DBF-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001E0A, Type: Inline - RelativeJump 0x01771E0A-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001E51, Type: Inline - RelativeJump 0x01771E51-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001E6A, Type: Inline - RelativeJump 0x01771E6A-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001E7B, Type: Inline - RelativeCall 0x01771E7B-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001E86, Type: Inline - RelativeJump 0x01771E86-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001E8F, Type: Inline - RelativeCall 0x01771E8F-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001EA5, Type: Inline - PushRet 0x01771EA5-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001EAA, Type: Inline - RelativeCall 0x01771EAA-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001EB4, Type: Inline - RelativeCall 0x01771EB4-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001EEB, Type: Inline - SEH 0x01771EEB [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001EEC, Type: Inline - RelativeJump 0x01771EEC-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001F43, Type: Inline - PushRet 0x01771F43-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001F4B, Type: Inline - RelativeCall 0x01771F4B-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001F6B, Type: Inline - RelativeJump 0x01771F6B-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001F95, Type: Inline - RelativeJump 0x01771F95-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001F99, Type: Inline - RelativeCall 0x01771F99-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001FAA, Type: Inline - PushRet 0x01771FAA-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001FAD, Type: Inline - RelativeCall 0x01771FAD-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001FBE, Type: Inline - RelativeJump 0x01771FBE-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001FD5, Type: Inline - PushRet 0x01771FD5-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00001FD9, Type: Inline - RelativeCall 0x01771FD9-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000204B, Type: Inline - RelativeCall 0x0177204B-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00002064, Type: Inline - PushRet 0x01772064-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00002070, Type: Inline - DirectCall 0x01772070-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000207B, Type: Inline - RelativeJump 0x0177207B-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00002088, Type: Inline - RelativeJump 0x01772088-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00002094, Type: Inline - RelativeCall 0x01772094-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000020CA, Type: Inline - RelativeJump 0x017720CA-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000020DD, Type: Inline - RelativeCall 0x017720DD-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000020E2, Type: Inline - RelativeJump 0x017720E2-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000020F9, Type: Inline - RelativeCall 0x017720F9-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000020FE, Type: Inline - RelativeJump 0x017720FE-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00002110, Type: Inline - RelativeJump 0x01772110-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00002124, Type: Inline - RelativeJump 0x01772124-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00002137, Type: Inline - RelativeJump 0x01772137-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00002148, Type: Inline - RelativeJump 0x01772148-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000215A, Type: Inline - RelativeCall 0x0177215A-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00002160, Type: Inline - PushRet 0x01772160-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000021C0, Type: Inline - SEH 0x017721C0 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000021D3, Type: Inline - RelativeJump 0x017721D3-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000241E, Type: Inline - RelativeJump 0x0177241E-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00002428, Type: Inline - RelativeCall 0x01772428-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x0000284A, Type: Inline - RelativeJump 0x0177284A-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00002E59, Type: Inline - RelativeJump 0x01772E59-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00002F1A, Type: Inline - RelativeJump 0x01772F1A-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00002F29, Type: Inline - RelativeCall 0x01772F29-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00002F3E, Type: Inline - RelativeJump 0x01772F3E-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00002F93, Type: Inline - RelativeCall 0x01772F93-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00002F99, Type: Inline - RelativeJump 0x01772F99-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00003026, Type: Inline - RelativeJump 0x01773026-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00003071, Type: Inline - RelativeCall 0x01773071-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00003088, Type: Inline - RelativeCall 0x01773088-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x00003095, Type: Inline - RelativeCall 0x01773095-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000030D4, Type: Inline - RelativeJump 0x017730D4-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll+0x000030E0, Type: Inline - RelativeCall 0x017730E0-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll-->kernel32.dll-->DisableThreadLibraryCalls, Type: IAT modification 0x71AC1000-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll-->kernel32.dll-->GetCurrentProcessId, Type: IAT modification 0x71AC1008-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll-->kernel32.dll-->GetCurrentThreadId, Type: IAT modification 0x71AC100C-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll-->kernel32.dll-->GetSystemTimeAsFileTime, Type: IAT modification 0x71AC1004-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll-->kernel32.dll-->GetTickCount, Type: IAT modification 0x71AC1010-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll-->kernel32.dll-->QueryPerformanceCounter, Type: IAT modification 0x71AC1018-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll-->ws2_32.dll-->WSARecv, Type: IAT modification 0x71AC102C-->00000000 [unknown_code_page]

[284]explorer.exe-->wsock32.dll-->ws2_32.dll-->WSARecvFrom, Type: IAT modification 0x71AC1028-->00000000 [unknown_code_page]

[3664]alg.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[3664]alg.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[3664]alg.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[3664]alg.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[3664]alg.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[3664]alg.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[3664]alg.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[3664]alg.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[3664]alg.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[3664]alg.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[3664]alg.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[3664]alg.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[3664]alg.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[3664]alg.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]

[3664]alg.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]

[3664]alg.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]

[3664]alg.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]

[3664]alg.exe-->ws2_32.dll-->WSAConnect, Type: IAT modification 0x010010F0-->00000000 [ws2_32.dll]

[3664]alg.exe-->ws2_32.dll-->WSAEnumNetworkEvents, Type: IAT modification 0x010010EC-->00000000 [ws2_32.dll]

[3664]alg.exe-->ws2_32.dll-->WSAEventSelect, Type: IAT modification 0x010010F4-->00000000 [ws2_32.dll]

[3664]alg.exe-->ws2_32.dll-->WSASocketW, Type: IAT modification 0x010010F8-->00000000 [ws2_32.dll]

[392]mdm.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[392]mdm.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[392]mdm.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[392]mdm.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[392]mdm.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[392]mdm.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[392]mdm.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[392]mdm.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[392]mdm.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[392]mdm.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[392]mdm.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[392]mdm.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[392]mdm.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[564]sqlservr.exe-->kernel32.dll+0x00001BB9, Type: Inline - SEH 0x7C801BB9 [unknown_code_page]

[564]sqlservr.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[564]sqlservr.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[564]sqlservr.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[564]sqlservr.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[564]sqlservr.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[564]sqlservr.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[564]sqlservr.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[564]sqlservr.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[564]sqlservr.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[564]sqlservr.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[564]sqlservr.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[564]sqlservr.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[564]sqlservr.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[688]RTHDCPL.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[688]RTHDCPL.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[688]RTHDCPL.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[688]RTHDCPL.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[688]RTHDCPL.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[688]RTHDCPL.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[688]RTHDCPL.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[688]RTHDCPL.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[688]RTHDCPL.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[688]RTHDCPL.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[688]RTHDCPL.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[688]RTHDCPL.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[688]RTHDCPL.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[688]RTHDCPL.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]

[688]RTHDCPL.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]

[688]RTHDCPL.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]

[688]RTHDCPL.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]

[788]mDNSResponder.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[788]mDNSResponder.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[788]mDNSResponder.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[788]mDNSResponder.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[788]mDNSResponder.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[788]mDNSResponder.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[788]mDNSResponder.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[788]mDNSResponder.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[788]mDNSResponder.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[788]mDNSResponder.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[788]mDNSResponder.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[788]mDNSResponder.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[788]mDNSResponder.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[788]mDNSResponder.exe-->ws2_32.dll-->WSAEventSelect, Type: IAT modification 0x0042D268-->00000000 [ws2_32.dll]

[788]mDNSResponder.exe-->ws2_32.dll-->WSAIoctl, Type: IAT modification 0x0042D25C-->00000000 [ws2_32.dll]

[788]mDNSResponder.exe-->ws2_32.dll-->WSAStringToAddressA, Type: IAT modification 0x0042D26C-->00000000 [ws2_32.dll]

[848]jusched.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[848]jusched.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[848]jusched.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[848]jusched.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[848]jusched.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[848]jusched.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[848]jusched.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[848]jusched.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[848]jusched.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[848]jusched.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[848]jusched.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[848]jusched.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[848]jusched.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[848]jusched.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]

[848]jusched.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]

[848]jusched.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]

[848]jusched.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]

[892]PrintDisp.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[892]PrintDisp.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[892]PrintDisp.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[892]PrintDisp.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[892]PrintDisp.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[892]PrintDisp.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[892]PrintDisp.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[892]PrintDisp.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[892]PrintDisp.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[892]PrintDisp.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[892]PrintDisp.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[892]PrintDisp.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[892]PrintDisp.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[892]PrintDisp.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]

[892]PrintDisp.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]

[892]PrintDisp.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]

[892]PrintDisp.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]

[916]csrss.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[916]csrss.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[916]csrss.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[916]csrss.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[916]csrss.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[916]csrss.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[916]csrss.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[916]csrss.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[916]csrss.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[916]csrss.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[916]csrss.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[916]csrss.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[916]csrss.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[944]winlogon.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[944]winlogon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[944]winlogon.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[944]winlogon.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[944]winlogon.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[944]winlogon.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[944]winlogon.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[944]winlogon.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[944]winlogon.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[944]winlogon.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[944]winlogon.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[944]winlogon.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[944]winlogon.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

[944]winlogon.exe-->ws2_32.dll-->getaddrinfo, Type: IAT modification 0x01001A28-->00000000 [ws2_32.dll]

[988]services.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]

[988]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]

[988]services.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]

[988]services.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]

[988]services.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]

[988]services.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]

[988]services.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]

[988]services.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]

[988]services.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]

[988]services.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]

[988]services.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]

[988]services.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]

[988]services.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]

**/
norp
Active Member
 
Posts: 12
Joined: June 24th, 2010, 6:14 am
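Added example, not code from the thread or from the Rootkit Unhooker project: a small Python triage script that parses hook lines in the format quoted above, collapses identical hooks across processes, and separates hooks seen system-wide from hooks confined to one process. The nine sample lines are copied from the log; the threshold of three processes for "system-wide" is an assumption.

```python
import re
from collections import Counter, defaultdict

# One hook per line, in the format Rootkit Unhooker writes to its hook report
# (the lines quoted in the thread above). Captured fields:
#   pid/proc  : the hooked process
#   target    : hooked location, either "module+0xOFFSET" or "module-->Export"
#               (IAT entries also name the imported module: "mod-->imported.dll-->Export")
#   kind      : "Inline - RelativeCall", "Inline - DirectJump", "IAT modification", ...
#   addr/dest : hooked address and, when RkU prints one, where the hook redirects to
#   owner     : module RkU attributes the destination to, or "unknown_code_page"
HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<proc>.+?)-->(?P<target>.+?), Type: (?P<kind>.+?) "
    r"0x(?P<addr>[0-9A-Fa-f]{8})(?:-->(?P<dest>[0-9A-Fa-f]{8}))? \[(?P<owner>[^\]]+)\]$"
)

# Constructed sample: nine lines copied from the log above, not the whole log.
SAMPLE_LOG = """\
[284]explorer.exe-->wsock32.dll+0x000019BA, Type: Inline - RelativeCall 0x017719BA-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll-->ws2_32.dll-->WSARecv, Type: IAT modification 0x71AC102C-->00000000 [unknown_code_page]
[3664]alg.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[3664]alg.exe-->ws2_32.dll-->WSAConnect, Type: IAT modification 0x010010F0-->00000000 [ws2_32.dll]
[392]mdm.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[564]sqlservr.exe-->kernel32.dll+0x00001BB9, Type: Inline - SEH 0x7C801BB9 [unknown_code_page]
[564]sqlservr.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[944]winlogon.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[944]winlogon.exe-->ws2_32.dll-->getaddrinfo, Type: IAT modification 0x01001A28-->00000000 [ws2_32.dll]
"""


def parse_hook_line(line):
    """Return a dict for one hook line, or None for headers, blanks and other text."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    hook = m.groupdict()
    hook["pid"] = int(hook["pid"])
    return hook


def parse_log(text):
    return [h for h in map(parse_hook_line, text.splitlines()) if h]


def group_hooks(hooks):
    """Collapse hooks that are identical apart from the process they were found in."""
    groups = defaultdict(set)
    for h in hooks:
        groups[(h["target"], h["kind"], h["addr"], h["dest"])].add(h["proc"])
    return groups


def triage(text, systemwide_min=3):
    """Split hooks into system-wide (seen in >= systemwide_min processes) and process-specific.

    The threshold is an assumption for this example. On the full log the ntdll.dll
    DirectJump set appears at the same addresses in every listed process, which is
    the signature of one component injected everywhere; the wsock32.dll inline
    hooks only appear in explorer.exe (PID 284). The log alone does not say which
    software owns either set.
    """
    hooks = parse_log(text)
    groups = group_hooks(hooks)
    systemwide = {k: sorted(v) for k, v in groups.items() if len(v) >= systemwide_min}
    per_process = {k: sorted(v) for k, v in groups.items() if len(v) < systemwide_min}
    return {
        "hooks": len(hooks),
        "systemwide": systemwide,
        "per_process": per_process,
        # how many destinations RkU could tie to a loaded module vs. unattributed code
        "owners": Counter(h["owner"] for h in hooks),
    }


def report(text):
    """Human-readable summary lines for whoever is reading the log."""
    r = triage(text)
    lines = [f"{r['hooks']} hook lines; destination owners: {dict(r['owners'])}"]
    by_key = lambda kv: kv[0][:3]  # dest may be None, so never compare on it
    for (target, kind, addr, _dest), procs in sorted(r["systemwide"].items(), key=by_key):
        lines.append(f"SYSTEM-WIDE {kind} at 0x{addr} on {target}: {len(procs)} processes")
    for (target, kind, addr, _dest), procs in sorted(r["per_process"].items(), key=by_key):
        lines.append(f"per-process {kind} at 0x{addr} on {target}: {', '.join(procs)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Feed it the whole RkU report instead of SAMPLE_LOG to see the per-process hooks stand out from the ones repeated in every process.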

Re: Computer crashing issues (possibly rootkit related)

Unread postby deltalima » June 29th, 2010, 10:22 am

Hi norp,


I uninstalled AVG9.0 …… Should I reinstall it now


Yes, please install AVG9 as a top priority.

Next

Custom OTL scan
  • Double click on OTL.exe to run it.
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90 
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Please post the contents of OTL.txt in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Computer crashing issues (possibly rootkit related)

Unread postby norp » June 29th, 2010, 2:11 pm

AVG9 reinstalled; interestingly enough, this popped up after a full system scan was performed:
"F:\gammel disk\Documents and Settings\Default User\SendTo\CabTool.exe";"Trojan horse BackDoor.Generic12.BRNA";"Moved to Virus Vault"

The folder "F:\gammel disk\Documents and Settings" is actually the Documents and Settings folder from my old computer (really old), which I just copied over to this computer when we built it.

/** OTL log created with custom scan

OTL logfile created on: 29.06.2010 19:49:15 - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Eirik\Skrivebord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 48,83 Gb Total Space | 20,00 Gb Free Space | 40,97% Space Free | Partition Type: NTFS
Drive D: | 649,80 Gb Total Space | 292,43 Gb Free Space | 45,00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1397,26 Gb Total Space | 677,67 Gb Free Space | 48,50% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EIRIK-5S2SXZE54
Current User Name: Eirik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Programfiler\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programfiler\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programfiler\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programfiler\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programfiler\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programfiler\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programfiler\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\Eirik\Skrivebord\OTL.exe (OldTimer Tools)
PRC - C:\Programfiler\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
PRC - C:\WINDOWS\system32\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
PRC - C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programfiler\Google\Gmail Notifier\gnotify.exe (Google Inc.)
PRC - C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Eirik\Skrivebord\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (D4ACF79F) -- File not found
SRV - (avg9wd) -- C:\Programfiler\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Programfiler\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (4EBCE7AE) -- C:\WINDOWS\system32\4EBCE7AE.exe ()
SRV - (Printer Control) -- C:\WINDOWS\system32\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
SRV - (FLEXnet Licensing Service) -- C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programfiler\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (LBTServ) -- C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (msvsmon90) -- C:\Programfiler\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
SRV - (nSvcLog) -- C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
SRV - (ForcewareWebInterface) -- C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
SRV - (lxcf_device) -- C:\WINDOWS\System32\lxcfcoms.exe ( )
SRV - (IDriverT) -- C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MDM) -- C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (tap0801) -- C:\WINDOWS\system32\drivers\tap0801.sys (The OpenVPN Project)
DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (JRAID) -- C:\WINDOWS\System32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (nvata) -- C:\WINDOWS\System32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (JGOGO) -- C:\WINDOWS\System32\DRIVERS\JGOGO.sys (JMicron )
DRV - (RT61) Linksys Wireless-G PCI Adapter Driver(RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bt.no/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:9.3.2
FF - prefs.js..extensions.enabledItems: {524B8EF8-C312-11DB-8039-536F56D89593}:2.0.0.0
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.5.5
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.2.3
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:2.7.2
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:1.3.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: startaid@startaid.com:1.4.4
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.0.4

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programfiler\AVG\AVG9\Firefox [2010.06.29 17:04:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programfiler\Mozilla Firefox\components [2010.06.28 00:28:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programfiler\Mozilla Firefox\plugins [2010.06.28 00:28:15 | 000,000,000 | ---D | M]

[2008.09.11 22:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Extensions
[2010.06.29 09:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\hw2f6fk1.default\extensions
[2010.03.18 09:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\hw2f6fk1.default\extensions\{0a64f55b-5f99-4437-a2ba-d6fd3a01f3e9}
[2010.03.18 09:23:32 | 000,000,000 | ---D | M] (Godfather) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\hw2f6fk1.default\extensions\{0a64f55b-5f99-4437-a2ba-d6fd3a01f3e9}-trash
[2009.07.09 18:55:58 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\hw2f6fk1.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010.05.11 09:01:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\hw2f6fk1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.18 13:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions
[2010.06.18 13:06:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.03.28 00:56:49 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2009.03.28 00:56:48 | 000,000,000 | ---D | M] (Bulk Image Downloader) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}
[2009.03.28 00:56:48 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2009.03.28 00:59:13 | 000,000,000 | ---D | M] (Extension Developer) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}
[2009.03.28 00:56:48 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009.03.28 00:56:48 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.03.28 00:56:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.04.12 01:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\facepad@lazyrussian.com
[2009.03.28 00:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\firefox@ghostery.com
[2009.04.12 01:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\je5f2hw4.Dev\extensions\foxmarks@kei.com
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2009.03.28 00:54:55 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2009.03.28 00:54:55 | 000,000,000 | ---D | M] (Bulk Image Downloader) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}
[2009.03.28 00:54:55 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2009.03.28 00:54:54 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009.03.28 00:54:54 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.03.28 00:54:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\facepad@lazyrussian.com
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\firefox@ghostery.com
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\foxmarks@kei.com
[2009.03.28 00:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Mozilla\Firefox\Profiles\Kopi av hw2f6fk1.default\extensions\startaid@startaid.com
[2010.06.29 09:40:19 | 000,000,000 | ---D | M] -- C:\Programfiler\Mozilla Firefox\extensions
[2010.04.16 08:24:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.12 01:51:54 | 000,001,525 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010.06.12 01:51:54 | 000,000,955 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\bok-NO.xml
[2010.06.12 01:51:54 | 000,000,968 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\qxl-NO.xml
[2010.06.12 01:51:54 | 000,001,203 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\telefonkatalogen-NO.xml
[2010.06.12 01:51:54 | 000,001,176 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\wikipedia-NO.xml
[2010.06.12 01:51:54 | 000,001,192 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\yahoo-NO.xml

O1 HOSTS File: ([2009.06.08 21:32:22 | 000,287,256 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 9902 more lines...
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programfiler\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programfiler\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] File not found
O4 - HKLM..\Run: [LXCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.DLL ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nTrayFw] C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4 - HKLM..\Run: [RTHDCPL] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 192.168.10.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programfiler\Fellesfiler\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll - c:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop Components:0 (Min gjeldende hjemmeside) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.11 21:31:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9a915dbc-6467-11df-9daf-001e8cb404f8}\Shell - "" = AutoRun
O33 - MountPoints2\{9a915dbc-6467-11df-9daf-001e8cb404f8}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.09.11 23:22:43 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
SystemRestore not available.

========== Files/Folders - Created Within 90 Days ==========

[2010.06.29 17:02:25 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.06.29 16:59:48 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.06.29 16:59:44 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.06.29 16:59:44 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.06.29 16:59:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010.06.28 00:54:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Eirik\Siste
[2010.06.28 00:29:41 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eirik\Skrivebord\OTL.exe
[2010.05.28 01:27:51 | 000,000,000 | ---D | C] -- C:\Programfiler\Real
[2010.05.28 01:27:18 | 000,000,000 | ---D | C] -- C:\Programfiler\Fellesfiler\xing shared
[2010.05.28 01:25:08 | 000,000,000 | ---D | C] -- C:\Programfiler\Fellesfiler\Real
[2010.05.23 17:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eirik\Programdata\U3
[2010.05.11 08:50:13 | 000,000,000 | ---D | C] -- C:\Programfiler\DAEMON Tools Toolbar
[2010.05.11 08:49:57 | 000,000,000 | ---D | C] -- C:\Programfiler\DAEMON Tools Lite
[2010.05.11 08:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eirik\Programdata\DAEMON Tools Lite
[2010.05.11 08:49:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\DAEMON Tools Lite
[2010.05.11 08:46:44 | 000,000,000 | ---D | C] -- C:\Programfiler\FileHippo.com
[2010.05.05 11:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eirik\workspace2
[2010.05.05 10:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eirik\Programdata\Google
[2010.05.03 10:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eirik\Mine dokumenter\DVDVideoSoft
[2010.05.03 10:34:05 | 000,000,000 | ---D | C] -- C:\Programfiler\Fellesfiler\DVDVideoSoft
[2010.05.03 10:34:05 | 000,000,000 | ---D | C] -- C:\Programfiler\DVDVideoSoft
[2010.04.30 07:37:50 | 000,000,000 | ---D | C] -- C:\registerbackup
[2010.04.30 07:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eirik\Lokale innstillinger\Programdata\Threat Expert
[2010.04.30 06:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\NVIDIA Corporation
[2010.04.30 06:49:37 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010.04.30 06:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\nView_Profiles
[2010.04.29 18:55:46 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010.04.28 18:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eirik\Programdata\org.gapminder.desktop.434684C0EEE0B6011903D7CB9F42374B4E5823E7.1
[2010.04.09 06:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\PopCap Games
[2005.07.25 21:31:30 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfserv.dll
[2005.07.25 21:27:22 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcflmpm.dll
[2005.07.25 21:26:58 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomm.dll
[2005.07.25 21:25:26 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfpplc.dll
[2005.07.25 21:24:46 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomc.dll
[2005.07.25 21:24:14 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfprox.dll
[2005.07.25 21:19:36 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfusb1.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Programfiler\*.tmp files -> C:\Programfiler\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.06.29 17:05:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.29 17:04:54 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.06.29 17:04:45 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1284227242-725345543-1003.job
[2010.06.29 17:04:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010.06.29 17:04:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.29 17:04:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.29 17:03:37 | 017,301,504 | -H-- | M] () -- C:\Documents and Settings\Eirik\NTUSER.DAT
[2010.06.29 17:02:27 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.06.29 17:02:25 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.06.29 17:02:25 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.06.29 17:02:19 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.06.29 16:59:49 | 000,001,500 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\AVG Free 9.0.lnk
[2010.06.29 16:59:44 | 061,482,731 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.06.29 16:59:44 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.06.29 16:59:40 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010.06.29 16:59:40 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010.06.29 16:59:40 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010.06.29 14:18:43 | 000,000,286 | -HS- | M] () -- C:\Documents and Settings\Eirik\ntuser.ini
[2010.06.29 11:21:06 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\4EBCE7AE.exe
[2010.06.29 10:55:35 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Eirik\Skrivebord\RKUnhookerLE.EXE
[2010.06.28 08:16:38 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Eirik\Skrivebord\2zf0ddhc.exe
[2010.06.28 00:49:47 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Eirik\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.28 00:29:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eirik\Skrivebord\OTL.exe
[2010.06.28 00:29:18 | 000,867,892 | ---- | M] () -- C:\Documents and Settings\Eirik\Skrivebord\SecurityCheck.exe
[2010.06.28 00:24:44 | 001,606,696 | -H-- | M] () -- C:\Documents and Settings\Eirik\Lokale innstillinger\Programdata\IconCache.db
[2010.06.28 00:22:12 | 002,104,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.28 00:13:33 | 000,000,597 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.27 22:53:17 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\Eirik\Skrivebord\CKScanner.exe
[2010.06.24 12:06:19 | 000,002,431 | ---- | M] () -- C:\Documents and Settings\Eirik\Skrivebord\HiJackThis.lnk
[2010.06.23 16:20:37 | 000,053,384 | ---- | M] () -- C:\Documents and Settings\Eirik\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
[2010.06.23 01:39:38 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Eirik\defogger_reenable
[2010.06.23 01:38:54 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Eirik\Skrivebord\Defogger.exe
[2010.06.23 01:37:51 | 000,001,593 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk
[2010.06.23 00:36:57 | 001,148,038 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 00:36:57 | 000,493,394 | ---- | M] () -- C:\WINDOWS\System32\perfh014.dat
[2010.06.23 00:36:57 | 000,490,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 00:36:57 | 000,098,274 | ---- | M] () -- C:\WINDOWS\System32\perfc014.dat
[2010.06.23 00:36:57 | 000,089,546 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.15 11:54:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.06.08 02:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010.05.30 02:47:06 | 000,088,813 | ---- | M] () -- C:\wubildr
[2010.05.30 02:47:06 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2010.05.30 02:24:26 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2010.05.30 02:24:25 | 000,000,237 | RHS- | M] () -- C:\boot.ini
[2010.05.28 01:28:50 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1284227242-725345543-1003.job
[2010.05.11 08:50:04 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.05.11 08:46:44 | 000,001,623 | ---- | M] () -- C:\Documents and Settings\Eirik\Skrivebord\Update Checker.lnk
[2010.05.07 12:44:35 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010.05.05 10:25:02 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Google SketchUp 7.lnk
[2010.05.03 10:34:15 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Eirik\Skrivebord\DVDVideoSoft Free Studio.lnk
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.09 06:16:57 | 000,000,024 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010.04.09 06:11:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2010.04.03 22:55:32 | 002,183,470 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2010.04.03 22:55:32 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010.04.03 22:55:32 | 000,025,755 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010.04.03 22:55:32 | 000,009,046 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2010.04.03 19:22:32 | 000,066,714 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Programfiler\*.tmp files -> C:\Programfiler\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.29 16:59:49 | 000,001,500 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\AVG Free 9.0.lnk
[2010.06.29 16:59:44 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.06.29 16:59:40 | 061,482,731 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.06.29 16:59:40 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010.06.29 16:59:40 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010.06.29 16:59:40 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010.06.29 11:21:06 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\4EBCE7AE.exe
[2010.06.29 10:55:35 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Eirik\Skrivebord\RKUnhookerLE.EXE
[2010.06.28 08:16:38 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Eirik\Skrivebord\2zf0ddhc.exe
[2010.06.28 00:29:13 | 000,867,892 | ---- | C] () -- C:\Documents and Settings\Eirik\Skrivebord\SecurityCheck.exe
[2010.06.27 22:53:16 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\Eirik\Skrivebord\CKScanner.exe
[2010.06.24 12:05:27 | 000,002,431 | ---- | C] () -- C:\Documents and Settings\Eirik\Skrivebord\HiJackThis.lnk
[2010.06.23 01:39:29 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Eirik\defogger_reenable
[2010.06.23 01:38:54 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Eirik\Skrivebord\Defogger.exe
[2010.06.23 01:37:51 | 000,001,593 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk
[2010.05.30 02:47:06 | 000,088,813 | ---- | C] () -- C:\wubildr
[2010.05.30 02:47:06 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2010.05.28 01:28:51 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1284227242-725345543-1003.job
[2010.05.28 01:28:50 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1284227242-725345543-1003.job
[2010.05.11 08:46:44 | 000,001,623 | ---- | C] () -- C:\Documents and Settings\Eirik\Skrivebord\Update Checker.lnk
[2010.05.05 10:25:02 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Google SketchUp 7.lnk
[2010.05.03 10:34:15 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Eirik\Skrivebord\DVDVideoSoft Free Studio.lnk
[2010.04.30 06:49:37 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010.04.30 06:49:34 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.04.29 18:55:47 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010.04.09 06:11:14 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010.04.09 06:11:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010.04.03 19:22:32 | 000,276,202 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2010.04.03 19:22:32 | 000,066,714 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010.02.03 16:13:46 | 000,000,084 | ---- | C] () -- C:\WINDOWS\DiskPie95.ini
[2009.11.30 23:30:29 | 001,391,616 | ---- | C] () -- C:\WINDOWS\System32\ActPDF.dll
[2009.11.01 11:11:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.07.28 12:08:20 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2009.03.05 07:01:01 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.03.05 07:01:01 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.03.05 06:58:24 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysEngineDrive1.sys
[2009.01.16 01:04:27 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll
[2009.01.16 01:04:27 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll
[2009.01.16 01:04:27 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll
[2009.01.16 01:04:27 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll
[2009.01.16 01:04:27 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll
[2009.01.16 01:04:27 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll
[2009.01.16 01:04:27 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll
[2009.01.16 01:04:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll
[2009.01.16 01:04:27 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll
[2009.01.16 01:04:27 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll
[2009.01.16 01:04:27 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll
[2009.01.16 01:04:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll
[2009.01.16 01:04:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll
[2009.01.16 01:04:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll
[2009.01.16 01:04:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll
[2009.01.16 01:04:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll
[2009.01.16 01:04:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll
[2009.01.16 01:04:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll
[2009.01.16 01:04:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll
[2009.01.16 01:04:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll
[2009.01.16 01:04:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll
[2008.11.24 13:25:16 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008.11.22 00:56:40 | 000,000,674 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.09.20 11:01:30 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.09.16 08:27:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008.09.11 21:45:06 | 000,000,907 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008.09.11 21:45:06 | 000,000,263 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008.09.11 21:43:02 | 000,013,423 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008.09.11 21:42:25 | 000,013,174 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008.09.11 21:42:25 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008.09.11 21:42:16 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.06.18 17:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.04.06 11:35:42 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\lxcfinsr.dll
[2006.04.06 11:35:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxcfcur.dll
[2006.04.06 11:35:20 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\lxcfjswr.dll
[2005.07.07 11:12:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcfvs.dll

========== LOP Check ==========

[2010.06.29 16:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\avg9
[2010.05.11 08:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\DAEMON Tools Lite
[2009.05.02 00:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Electronic Arts
[2009.03.02 03:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Funcom
[2010.04.09 06:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\PopCap Games
[2009.10.24 11:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\PreEmptive Solutions
[2010.06.24 12:04:16 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\All Users\Programdata\TEMP
[2008.10.06 20:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\vsosdk
[2010.01.07 19:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.02.03 13:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\AltrixSoft
[2010.02.03 19:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\AVG9
[2008.09.20 03:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Bioshock
[2008.09.12 21:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\DAEMON Tools
[2010.05.11 08:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\DAEMON Tools Lite
[2009.11.24 05:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\DC++
[2009.04.04 00:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Feedreader
[2009.11.30 21:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Foxit Software
[2010.04.01 04:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\gtk-2.0
[2009.11.24 06:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Leadertech
[2010.05.07 11:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Nokia
[2009.01.07 03:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Nvu
[2008.11.22 00:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\OpenOffice.org
[2008.12.04 12:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Opera
[2010.04.28 18:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\org.gapminder.desktop.434684C0EEE0B6011903D7CB9F42374B4E5823E7.1
[2009.02.17 07:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Sony Online Entertainment
[2008.10.18 23:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Sports Interactive
[2008.10.09 10:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Subversion
[2008.11.16 20:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\SWI-Prolog
[2009.08.12 10:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Turbine
[2009.09.18 13:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Uniblue
[2010.06.27 22:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\uTorrent
[2009.12.14 21:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\Vso
[2009.05.23 20:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\WeatherAir.B38FAEF731744E60C0F74F628251552B283C7F8A.1
[2009.07.23 17:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\www.TheXSoft.com
[2008.11.18 01:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eirik\Programdata\xpce
[2010.06.29 17:04:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008.09.11 21:45:16 | 000,001,024 | ---- | M] () -- C:\.rnd
[2008.09.20 22:11:11 | 000,000,133 | ---- | M] () -- C:\.slime-history.eld
[2008.09.11 21:31:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010.05.30 02:24:25 | 000,000,237 | RHS- | M] () -- C:\boot.ini
[2002.09.16 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2008.10.06 20:07:00 | 000,000,185 | ---- | M] () -- C:\CDFE.log
[2010.05.30 02:24:26 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2008.09.11 21:31:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.06.29 17:03:16 | 000,048,111 | ---- | M] () -- C:\lxcf.log
[2008.09.11 21:31:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008.09.11 21:56:49 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.09.11 21:56:49 | 000,250,560 | RHS- | M] () -- C:\ntldr
[2010.06.29 17:04:35 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008.09.11 21:50:02 | 000,000,499 | ---- | M] () -- C:\RHDSetup.log
[2010.05.30 02:47:06 | 000,088,813 | ---- | M] () -- C:\wubildr
[2010.05.30 02:47:06 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.09.11 23:24:27 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.09.11 23:24:27 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.09.11 23:24:27 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010.06.29 17:02:19 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010.06.29 17:02:25 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010.06.29 17:02:27 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010.04.03 22:55:32 | 010,232,128 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2010.05.11 08:50:04 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\system32\drivers\sptd.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Programdata\TEMP:FA5F15C4
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Programdata\TEMP:DFC5A2B2
< End of report >

**/
norp
Active Member
 
Posts: 12
Joined: June 24th, 2010, 6:14 am
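The file listings above follow a fixed OTL line format, and a helper reads them with a few habitual questions in mind: is a binary sitting under %SystemRoot% with no version-info company name, does its name look randomly generated, is it marked hidden+system, and was it created shortly before the scan. The following is an added example, not part of this thread or of the OTL tool, that parses that format (including the "@Alternate Data Stream" lines) and applies those heuristics. The sample input is a handful of lines copied from the log above plus one constructed line (constructed.sys) to exercise the hidden+system branch; the scan time is assumed from the newest timestamp in the posted log. Anything it flags is a candidate for a closer look, such as the VirusTotal submission deltalima asks for in the next post, not a verdict.

```python
"""Triage helper for OTL-style file listings.
Added example, not part of the original thread or of the OTL tool. It parses the
"[date time | size | attrs | M/C] (Company) -- path" lines and the
"@Alternate Data Stream" lines OTL prints, then applies a few of the heuristics a
helper uses when reading such a log by eye."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple

# Sample input: lines copied from the log above, plus one constructed hidden+system
# driver line (constructed.sys) to exercise that branch. "Skrivebord" = Desktop.
SAMPLE_LOG = r"""
[2010.06.29 11:21:06 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\4EBCE7AE.exe
[2010.06.29 10:55:35 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Eirik\Skrivebord\RKUnhookerLE.EXE
[2010.06.28 03:12:40 | 000,004,096 | -HS- | C] () -- C:\WINDOWS\System32\drivers\constructed.sys
[2010.06.29 17:02:19 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2008.09.11 21:45:06 | 000,000,907 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2010.06.24 12:04:16 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\All Users\Programdata\TEMP
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Programdata\TEMP:FA5F15C4
"""

# Assumed scan time: the newest timestamp in the posted log (OGALogon.job).
SCAN_TIME = datetime(2010, 6, 29, 17, 4, 44)

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[MC])\] (?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8}\.(exe|dll|sys)$", re.IGNORECASE)  # e.g. 4EBCE7AE.exe
BINARY_EXT = (".exe", ".dll", ".sys")


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str      # R/H/S/D flags, "-" where unset
    kind: str       # "M": listed by modified time, "C": listed by created time
    company: str    # version-info company; "" when OTL printed "()"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl(text: str) -> Tuple[List[Entry], List[Dict[str, str]]]:
    """Split an OTL section into file entries and alternate-data-stream records."""
    entries, streams = [], []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
                                 int(m["size"].replace(",", "")), m["attrs"],
                                 m["kind"], m["company"] or "", m["path"]))
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append({"path": m["path"], "stream": m["stream"], "size": m["size"]})
    return entries, streams


def reasons_for(e: Entry, scan_time: datetime = SCAN_TIME) -> List[str]:
    """Indicators for one entry; an empty list means nothing stood out."""
    reasons: List[str] = []
    if "D" in e.attrs:
        return reasons              # directories are judged by the LOP check instead
    under_windows = e.path.lower().startswith("c:\\windows\\")
    if under_windows and not e.company and e.name.lower().endswith(BINARY_EXT):
        reasons.append("binary under %SystemRoot% with no version-info company name")
    if HEX_NAME_RE.match(e.name):
        reasons.append("random-looking 8-hex-digit filename")
    if "H" in e.attrs and "S" in e.attrs:
        reasons.append("hidden+system attributes")
    if e.kind == "C" and (scan_time - e.timestamp).days < 7:
        reasons.append("created within the last week")
    return reasons


def triage(text: str, scan_time: datetime = SCAN_TIME) -> Dict[str, List[str]]:
    """Return {path: reasons} for entries with at least two indicators."""
    entries, _ = parse_otl(text)
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        r = reasons_for(e, scan_time)
        if len(r) >= 2:
            flagged[e.path] = r
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
    for s in parse_otl(SAMPLE_LOG)[1]:
        print(f"ADS: {s['path']}:{s['stream']} ({s['size']} bytes)")
```

The "two or more indicators" threshold is what keeps tools downloaded to the desktop (RKUnhookerLE.EXE, created the same day) from being flagged on recency alone; tune it to the log at hand. Alternate data streams are listed separately rather than scored, because a stream on a folder says nothing by itself until its content is inspected.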

Re: Computer crashing issues (possibly rootkit related)

Unread postby deltalima » June 29th, 2010, 3:05 pm

Hi norp,

TFC

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\WINDOWS\system32\4EBCE7AE.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Computer crashing issues (possibly rootkit related)

Unread postby norp » June 29th, 2010, 6:30 pm

Hi deltalima,
TFC removed 327 MB of files and did prompt me to reboot, no log was created though.

/** VirusTotal log start

File 4EBCE7AE.exe received on 2010.06.29 22:22:26 (UTC)
Result: 1/41 (2.44%)


Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.06.29 -
AhnLab-V3 2010.06.29.00 2010.06.29 -
AntiVir 8.2.4.2 2010.06.29 -
Antiy-AVL 2.0.3.7 2010.06.25 -
Authentium 5.2.0.5 2010.06.29 -
Avast 4.8.1351.0 2010.06.29 -
Avast5 5.0.332.0 2010.06.29 -
AVG 9.0.0.836 2010.06.29 -
BitDefender 7.2 2010.06.29 -
CAT-QuickHeal 10.00 2010.06.29 -
ClamAV 0.96.0.3-git 2010.06.29 -
Comodo 5259 2010.06.29 -
DrWeb 5.0.2.03300 2010.06.29 -
eSafe 7.0.17.0 2010.06.29 -
eTrust-Vet 36.1.7675 2010.06.29 -
F-Prot 4.6.1.107 2010.06.29 -
F-Secure 9.0.15370.0 2010.06.30 -
Fortinet 4.1.133.0 2010.06.29 -
GData 21 2010.06.30 -
Ikarus T3.1.1.84.0 2010.06.29 -
Jiangmin 13.0.900 2010.06.27 -
Kaspersky 7.0.0.125 2010.06.29 -
McAfee 5.400.0.1158 2010.06.29 -
McAfee-GW-Edition 2010.1 2010.06.29 -
Microsoft 1.5902 2010.06.29 -
NOD32 5238 2010.06.29 -
Norman 6.05.10 2010.06.29 -
nProtect 2010-06-29.01 2010.06.29 -
Panda 10.0.2.7 2010.06.29 Suspicious file
PCTools 7.0.3.5 2010.06.29 -
Prevx 3.0 2010.06.30 -
Rising 22.54.01.03 2010.06.29 -
Sophos 4.54.0 2010.06.29 -
Sunbelt 6523 2010.06.29 -
Symantec 20101.1.0.89 2010.06.29 -
TheHacker 6.5.2.0.304 2010.06.28 -
TrendMicro 9.120.0.1004 2010.06.29 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.30 -
VBA32 3.12.12.5 2010.06.29 -
ViRobot 2010.6.29.3912 2010.06.29 -
VirusBuster 5.0.27.0 2010.06.29 -
Additional information
File size: 6656 bytes
MD5...: 2f5b3d5bcab8eaec43263edf7a45a918
SHA1..: 377b704b6a99f784ff2e2f24e8789ee5d1ba019f
SHA256: a9e4ce36ca738ec265db23a2eeec643bdc256df0686062b69cf4660ad4bbeaea
ssdeep: 96:nPUW2eBXPNBxBWtY1ZuC1PS8A28e9lZGC0e:nc4l58Y17jA2XeBe
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1c0c
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0xcb8 0xe00 5.94 f838ddf4b795968e326b06b0e42fb162
DATA 0x2000 0x8 0x200 0.04 532dd4aa9cd9b1a3dad1f0b610d1d6cc
BSS 0x3000 0xa2321 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xa6000 0x284 0x400 3.23 31e8b75f00ee72119e8f0d98f58a0573
.reloc 0xa7000 0x110 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0xa8000 0x200 0x200 0.08 793d208c86af793cc8cd917d5a9d29e0

( 3 imports )
> advapi32.dll: RegisterServiceCtrlHandlerW, SetServiceStatus, StartServiceCtrlDispatcherW
> kernel32.dll: VirtualProtectEx, Sleep, SetErrorMode, LocalUnlock, LocalReAlloc, LocalLock, LocalFree, LocalAlloc, HeapFree, HeapAlloc, GetVolumeInformationW, GetProcessHeap, GetModuleHandleW, GetCommandLineW, FindFirstFileExW, FindClose, ExitProcess
> ntdll.dll: ZwQueryInformationFile, ZwCreateFile, ZwClose, RtlInitUnicodeString

( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -

VirusTotal log end **/
norp
Active Member
 
Posts: 12
Joined: June 24th, 2010, 6:14 am
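The PEInfo block in this report can be read without running the file, and the same derivations can be automated. As an added example (not part of the thread or of VirusTotal), the Python below builds a constructed two-section PE32 image with the same shape as the one reported (CODE at RVA 0x1000 containing the entry point 0x1c0c, a BSS section with 0xa2321 bytes of virtual size and no raw data, TimeDateStamp 0x2a425e19), parses the headers with struct, and derives the indicators an analyst reads off such a report: which section holds the entry point, sections with virtual size but no raw data, per-section entropy, and the fixed Borland/Delphi linker timestamp, which is why the build date reads 1992 and agrees with TrID's Delphi guess. It also maps the report's import list to capabilities (the service-control APIs indicate the file is written to run as a Windows service). The CODE bytes of the constructed image are a counting pattern with entropy 8.0, chosen to trip the packing check; the real file's CODE section measured 5.94 and would not. The kernel32 import list is abbreviated to the entries that matter for the classification.

```python
"""Header-level PE triage, mirroring the PEInfo block of a VirusTotal report.
Added example, not part of the thread or of VirusTotal. Builds a constructed
two-section PE32 image shaped like the reported one, parses it with struct, and
derives the indicators an analyst reads off such a report."""
import math
import struct
from collections import Counter
from typing import Dict, List, Optional

DELPHI_TIMESTAMP = 0x2A425E19   # constant TimeDateStamp written by Borland/Delphi linkers (1992-06-19)
COFF_FMT = "<HHIIIHH"           # IMAGE_FILE_HEADER, 20 bytes
SEC_FMT = "<8sIIIIIIHHI"        # IMAGE_SECTION_HEADER, 40 bytes


def build_sample_pe() -> bytes:
    """Constructed image, not a runnable program: CODE at RVA 0x1000 holds the entry
    point 0x1c0c, BSS has virtual size 0xa2321 and no raw data, as in the report."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack(COFF_FMT, 0x14C, 2, DELPHI_TIMESTAMP, 0, 0, 0xE0, 0x0102)
    # PE32 optional header: Magic, linker major/minor, SizeOfCode, SizeOfInitData, SizeOfUninitData,
    # AddressOfEntryPoint, BaseOfCode, BaseOfData, ImageBase, SectionAlign, FileAlign; rest zero.
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 2, 25, 0x200, 0x200, 0xA2321,
                      0x1C0C, 0x1000, 0x2000, 0x400000, 0x1000, 0x200)
    opt += b"\0" * (0xE0 - len(opt))
    code_raw = bytes(range(256)) * 2                        # 512-byte counting pattern, entropy 8.0
    secs = struct.pack(SEC_FMT, b"CODE", 0xCB8, 0x1000, len(code_raw), 0x200, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack(SEC_FMT, b"BSS", 0xA2321, 0x3000, 0, 0, 0, 0, 0, 0, 0xC0000080)
    headers = dos + b"PE\0\0" + coff + opt + secs
    return headers + b"\0" * (0x200 - len(headers)) + code_raw      # raw data starts at 0x200


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_pe(data: bytes) -> Dict:
    """Read the DOS header, COFF header, entry point and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]          # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, *_ = struct.unpack_from(SEC_FMT, data, opt_off + opt_size + 40 * i)
        raw = data[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rawsize": rawsize, "entropy": entropy(raw)})
    return {"machine": machine, "timestamp": tstamp, "entry": entry, "sections": sections}


def section_for_rva(pe: Dict, rva: int) -> Optional[str]:
    """Name of the section whose virtual range contains rva, or None if it falls outside all."""
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["name"]
    return None


def indicators(pe: Dict) -> List[str]:
    out = []
    sec = section_for_rva(pe, pe["entry"])
    out.append(f"entry point {pe['entry']:#x} in {sec}" if sec
               else f"entry point {pe['entry']:#x} outside every section (suspicious)")
    if pe["timestamp"] == DELPHI_TIMESTAMP:
        out.append("fixed Borland/Delphi linker timestamp; build date is not meaningful")
    for s in pe["sections"]:
        if s["vsize"] and not s["rawsize"]:
            out.append(f"{s['name']}: {s['vsize']:#x} bytes virtual, no raw data (uninitialised data, normal for Delphi BSS)")
        if s["entropy"] > 7.0:
            out.append(f"{s['name']}: entropy {s['entropy']:.2f}, packed or encrypted content likely")
    return out


# Import list from the VirusTotal report above (kernel32 abbreviated to the relevant entries).
REPORT_IMPORTS = {
    "advapi32.dll": ["RegisterServiceCtrlHandlerW", "SetServiceStatus", "StartServiceCtrlDispatcherW"],
    "kernel32.dll": ["VirtualProtectEx", "Sleep", "HeapAlloc", "FindFirstFileExW", "ExitProcess"],
    "ntdll.dll": ["ZwQueryInformationFile", "ZwCreateFile", "ZwClose", "RtlInitUnicodeString"],
}


def classify_imports(imports: Dict[str, List[str]]) -> List[str]:
    """Map imported API names to the capabilities they imply."""
    names = {n for lst in imports.values() for n in lst}
    caps = []
    if names & {"StartServiceCtrlDispatcherW", "StartServiceCtrlDispatcherA"}:
        caps.append("runs as a Windows service")
    if "VirtualProtectEx" in names:
        caps.append("can change page protections, in its own or another process")
    if any(n.startswith(("Zw", "Nt")) for n in imports.get("ntdll.dll", [])):
        caps.append("calls the ntdll native API directly")
    return caps


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    for line in indicators(pe) + classify_imports(REPORT_IMPORTS):
        print("-", line)
```

None of these indicators is a detection on its own: a Delphi timestamp, an uninitialised BSS section and service-control imports describe how a program was built and how it is started, not what it does. They are the context that makes a 1/41 "Suspicious file" result easier to weigh, together with the unsigned sigcheck and the absence of any version information.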

Re: Computer crashing issues (possibly rootkit related)

Unread postby deltalima » June 30th, 2010, 3:56 am

Hi norp,

After a thorough investigation there are no signs of active malware on the computer.

I do not believe that the problems are hardware related as I'm able to boot up my Ubuntu OS and it runs smoothly


I see your logic here, however this does not necessarily imply malware is the reason for the issues you describe. From experience I would suggest that the symptoms you describe are consistent with video driver or DirectX problems.

While this forum is specifically to deal with malware issues, I suggest that you go into Control Panel, then Display, to reduce Hardware acceleration.

Also run dxdiag from the run box to disable DirectX acceleration features to see if the problem is removed.

Here are some excellent Tech sites (in no particular order) that may be able to help with these problems:

Let's clean up the tools that we have used.

Remove GMER

Delete the GMER icon from your desktop; it will be named 2zf0ddhc.exe

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your PC.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Computer crashing issues (possibly rootkit related)

Unread postby norp » June 30th, 2010, 7:51 am

Thank you so much for your help and patience deltalima!
Will follow the tips you suggested as well as search for updates to video drivers.

Have a marvelous summer :)
norp
Active Member
 
Posts: 12
Joined: June 24th, 2010, 6:14 am

Re: Computer crashing issues (possibly rootkit related)

Unread postby deltalima » June 30th, 2010, 7:52 am

You're very welcome!
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Computer crashing issues (possibly rootkit related)

Unread postby Dakeyras » June 30th, 2010, 8:37 am

Since we have done all we can, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra