site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security > nvchip4.exe maybe new virus~~

Search Topic:
 Uniqs:
3701		 Share Topic
Posting?
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
page: 1 · 2
AuthorAll Replies


kaspersky

join:2004-02-14
China

nvchip4.exe maybe new virus~~

hi~~

I have saw some items in someone"s hjt log like the following~~~

1.Running processes:
C:\WINNT\system32\nvchip4.exe

O4 - HKLM\..\Run: [nVidia Chip4] nvchip4.exe
O4 - HKLM\..\RunServices: [nVidia Chip4] nvchip4.exe

2.
O4 - HKLM\..\Run: [svrhost] C:\WINNT\System32\svrhost.exe
O4 - HKLM\..\Run: [S3 Internal] s3chip4.exe
O4 - HKLM\..\Run: [S3 Chip3] s3int.exe
O4 - HKLM\..\RunServices: [S3 Internal] s3chip4.exe
O4 - HKLM\..\RunServices: [S3 Chip3] s3int.exe

when the 2 reboot his computer~~~he also found some files like the :nvchip4.exe and winhlpp32.exe(all are
113K)

i had got these files and detect them by »kaspersky.com/remoteviruschk.html

but have no result~~

i think they are virus or trojan ~~

anyone want to analyse them??

to forum · permalink · 2004-03-08 10:12:21 ·

Tablet
Premium
join:2003-01-15
Czech

Could you please send it to me? I sent you my email address via PM.

Thanks

to forum · permalink · 2004-03-08 10:23:25 ·

kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH
1 edit

At first I was going to ask, does this guy have an nVidia card, but if it also has copies under S3chip, etc. then it's probably some sort of malware or spyware.

You should submit it to the Submit Suspected Malware link at the top of the forum page, and post it to the Malware Archive for the AV vendor members to have a look.

The svrhost.exe could be Adware.Satbo: »sarc.com/avcenter/venc/data/adwa···tbo.html

to forum · permalink · 2004-03-08 10:28:30 ·


John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England

reply to kaspersky
It looks as though svrhost.exe might be this:

»www.pestpatrol.com/PestInfo/i/ia···ther.asp
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.

to forum · permalink · 2004-03-08 10:29:13 ·

Tablet
Premium
join:2003-01-15
Czech
1 edit

reply to kaspersky
I found this in SARC database: »sarc.com/avcenter/venc/data/adwa···tbo.html

The other filenames don't match though, except for the svrhost.exe.

to forum · permalink · 2004-03-08 10:32:37 ·


kaspersky

join:2004-02-14
China

hi~~kpatz and Tablet:

please check your email~~~i sent them to you~~

to forum · permalink · 2004-03-08 10:38:57 ·


kaspersky

join:2004-02-14
China

Vampirefo :

check your mail too~~~~

:)

to forum · permalink · 2004-03-08 10:42:58 ·


Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV
kudos:1
1 edit

nvchip4.exe and winhlpp32.exe are the same files both trojans, do you have a copy of the other files?
--
Spam Officially Legal

to forum · permalink · 2004-03-08 11:17:00 ·

kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

reply to kaspersky
Looks like it's a IRC Backdoor trojan of some sort. A nasty looking one at that. Just looking at the text strings buried within the unpacked executable, I see:

* IRC commands - so this is a backdoor similar to SDBot
* Ability to use FTP to download/upload stuff
* Ability to manipulate shares
* Turn DCOM on and off
* Remotely execute code
* Sniff traffic
* Get Windows product keys
* Install/remove plugins
* References file names related to Blaster worms - maybe to remove them, or install them?
* Port scanner
* SYN flooder/DOS attack
* HTTP flooder/DOS attack
* Download files and run from FTP or HTTP sites
* Shutdown computer
* List or kill processes
* Looks like it can set up a FTP server on the infected box
* Looks like it can kill security/AV products - long list of exe filenames listed including ZoneAlarm and many others
* Contains the string "netmaniac was here"
* Contains a long list of strings that look like they could be a password dictionary attack
* Flooders: phatwonk, phaticmp, HTTP, SYN, FTP, UDP
* Steals CD keys from: Unreal Tournament, The Gladiators, Shogun: Total War, Need for Speed: Underground, NHL 2003, NHL 2002, and MANY more

This looks like a serious nasty. I'm going to submit it to the AV vendors!

KJP

to forum · permalink · 2004-03-08 11:26:39 ·


Randy Bell
Premium
join:2002-02-24
Santa Clara, CA


KAV Does Not Detect with Latest Defs

NAV Does Not Detect Unless KAV first unpacks the virus
Strange .. KAV does not detect it at all with latest defs, and NAV does not detect it until I enable NAV RTM {Auto-Protect} while scanning with KAV .. then NAV pops up twice with the "generic" Gaobot detection shown in the second screenshot. {My thanks to kpatz See Profile for forwarding the sample}
--
"But now abide faith, hope, love, these three; but the greatest of these is love." (1 Cor. 13:13)
to forum · permalink · 2004-03-08 11:58:18 ·

kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

Great find, Randy!

This is the third Agobot/Gaobot variant I've seen today. I captured two other samples via my port 3127 honeypot. What's interesting, is the port 3127 copies aren't packed, but the nvchip4 sample is packed with PE-Diminish. NAV apparently doesn't recognize the packed sample.

Stranger yet, other Agobot/Gaobot variants are detected heuristically by F-prot and NOD32, and generically by eTrust. This variant is missed by all. Also, other variants have the text strings encrypted, this variant doesn't.

to forum · permalink · 2004-03-08 12:09:43 ·

kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

Another tidbit of info - this worm appears to have RPC exploit code within, so it could come in via TCP 135 or 1025, similar to how Blaster spread.

to forum · permalink · 2004-03-08 12:15:29 ·


kaspersky

join:2004-02-14
China

so how to kill them???

thx all of you first~~

to forum · permalink · 2004-03-08 22:44:05 ·


Pictus

join:2003-03-15
Brazil

reply to kaspersky
Someone has tested this with DR.Web ?
No ?
So somebody, please send a copy to pictus@myrealbox.com, thanks.

Bye, Pictus

to forum · permalink · 2004-03-08 23:18:37 ·


kaspersky

join:2004-02-14
China

hi Pictus
~
check your mail~~I had sent to you~~:)

to forum · permalink · 2004-03-08 23:34:03 ·


Pictus

join:2003-03-15
Brazil

Thanks “KAV”
Dr.Web can detect this since 07.03.2004, thumbs up for Dr.Web.

Bye, Pictus
to forum · permalink · 2004-03-08 23:54:33 ·


kaspersky

join:2004-02-14
China

great Dr.Web
`~~~

but kav and nav looks like still can not detect this ~~



thx Pictus

to forum · permalink · 2004-03-09 00:05:15 ·


keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB

reply to kaspersky

quick submission to vendors important

If it hasn't been done already, it would great if one of you (at least) would make sure the samples are submitted to all the AV vendors via the "submit suspect malware link" in the BBR Security Forum main page.
to forum · permalink · 2004-03-09 00:23:31 ·


Anon930

@optonline.net

reply to kaspersky

Re: nvchip4.exe maybe new virus~~

Dr. Web was the only AV to detect this? Interesting note about the unpacking and NAV catching it. Why didn't Kav heuristics catch it like Navs did?
to forum · permalink · 2004-03-09 00:28:00 ·


kaspersky

join:2004-02-14
China

Regmon REPORT~~

45154 167.70971486 nvchip4.exe:1356 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvchip4.exe NOTFOUND
45155 167.71203471 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Key: 0xE116F250
45156 167.71207159 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Control\Termina l Server\TSAppCompat SUCCESS 0x0
45157 167.71209924 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Key: 0xE116F250
45158 167.74680392 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Key: 0xE1ED33F0
45159 167.80651904 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Control\Termina l Server\TSAppCompat SUCCESS 0x0
45160 167.86665069 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Key: 0xE1ED33F0
45161 167.92215354 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Key: 0xE1ED33F0
45162 167.92250218 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode NOTFOUND
45163 167.92255834 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Key: 0xE1ED33F0
45164 167.92387750 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Control\SafeBoot\O ption NOTFOUND
45165 167.92394035 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers SUCCESS Key: 0xE1ED33F0
45166 167.92402081 nvchip4.exe:1356 QueryValue HKLM\Software\Policies\Microsoft\Windows\Safe r\CodeIdentifiers\TransparentEnabled SUCCESS 0x1
45167 167.92406272 nvchip4.exe:1356 CloseKey HKLM\Software\Policies\Microsoft\Windows\Safer\ CodeIdentifiers SUCCESS Key: 0xE1ED33F0
45168 167.92419933 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers NOTFOUND
45169 167.95490545 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Key: 0xE1ED33F0
45170 167.95501860 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Control\Termina l Server\TSAppCompat SUCCESS 0x0
45171 167.95503620 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Control\Termina l Server\TSUserEnabled SUCCESS 0x0
45172 167.95514180 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Key: 0xE1ED33F0
45173 167.95534713 nvchip4.exe:1356 OpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Key: 0xE1ED33F0
45174 167.95537814 nvchip4.exe:1356 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack NOTFOUND
45175 167.95547117 nvchip4.exe:1356 CloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Key: 0xE1ED33F0
45176 167.95558766 nvchip4.exe:1356 OpenKey HKLM SUCCESS Key: 0xE1ED33F0
45177 167.95562705 nvchip4.exe:1356 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics NOTFOUND
45178 167.96234103 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Control\Error Message Instrument\ NOTFOUND
45179 167.96274751 nvchip4.exe:1356 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS Key: 0xE1ED5458
45180 167.96279612 nvchip4.exe:1356 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32\nvchip4 NOTFOUND
45181 167.96283048 nvchip4.exe:1356 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS Key: 0xE1ED5458
45182 167.96289250 nvchip4.exe:1356 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility SUCCESS Key: 0xE1ED5458
45183 167.96291513 nvchip4.exe:1356 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility\nvchip4 NOTFOUND
45184 167.96293776 nvchip4.exe:1356 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility SUCCESS Key: 0xE1ED5458
45185 167.96482180 nvchip4.exe:1356 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS Key: 0xE1ED5458
45186 167.96492991 nvchip4.exe:1356 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SUCCESS ""
45187 167.96498103 nvchip4.exe:1356 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS Key: 0xE1ED5458
45188 167.96729082 nvchip4.exe:1356 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\E xplorer\Performance NOTFOUND
45189 167.96769814 nvchip4.exe:1356 OpenKey HKLM\SYSTEM\Setup SUCCESS Key: 0xE1ED5458
45190 167.96787498 nvchip4.exe:1356 QueryValue HKLM\SYSTEM\Setup\SystemSetupInProgress SUCCE SS 0x0
45191 167.96799901 nvchip4.exe:1356 CloseKey HKLM\SYSTEM\Setup SUCCESS Key: 0xE1ED5458
45192 167.96822279 nvchip4.exe:1356 OpenKey HKCU SUCCESS Key: 0xE1ED5458
45193 167.96825715 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Control Panel\Desktop NOTFOUND
45194 167.96834682 nvchip4.exe:1356 OpenKey HKCU\Control Panel\Desktop SUCCESS Key: 0xE1ED3388
45195 167.96837029 nvchip4.exe:1356 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOTFOUND
45196 167.96844740 nvchip4.exe:1356 CloseKey HKCU\Control Panel\Desktop SUCCESS Key: 0xE1ED3388
45197 167.96851863 nvchip4.exe:1356 CloseKey HKCU SUCCESS Key: 0xE1ED5458
45198 167.96893600 nvchip4.exe:1356 OpenKey HKCU SUCCESS Key: 0xE1ED5458
45199 167.96904915 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Control Panel\Desktop NOTFOUND
45200 167.96913882 nvchip4.exe:1356 OpenKey HKCU\Control Panel\Desktop SUCCESS Key: 0xE1ED3388
45201 167.96916397 nvchip4.exe:1356 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOTFOUND
45202 167.96923772 nvchip4.exe:1356 CloseKey HKCU\Control Panel\Desktop SUCCESS Key: 0xE1ED3388
45203 167.96931063 nvchip4.exe:1356 CloseKey HKCU SUCCESS Key: 0xE1ED5458
45204 167.97858583 nvchip4.exe:1356 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\S ideBySide\AssemblyStorageRoots NOTFOUND
45205 167.98517913 nvchip4.exe:1356 OpenKey HKCU SUCCESS Key: 0xE1ED5458
45206 167.98523779 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Control Panel\Desktop NOTFOUND
45207 167.98535596 nvchip4.exe:1356 OpenKey HKCU\Control Panel\Desktop SUCCESS Key: 0xE1ED3388
45208 167.98542888 nvchip4.exe:1356 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOTFOUND
45209 167.98545905 nvchip4.exe:1356 CloseKey HKCU\Control Panel\Desktop SUCCESS Key: 0xE1ED3388
45210 167.98553029 nvchip4.exe:1356 CloseKey HKCU SUCCESS Key: 0xE1ED5458
45211 168.00319733 nvchip4.exe:1356 OpenKey HKCU SUCCESS Key: 0xE1ED5458
45212 168.00338758 nvchip4.exe:1356 OpenKey HKCU\Control Panel\Desktop SUCCESS Key: 0xE1ED3388
45213 168.00342278 nvchip4.exe:1356 QueryValue HKCU\Control Panel\Desktop\SmoothScroll NOTFOUND
45214 168.00351832 nvchip4.exe:1356 CloseKey HKCU\Control Panel\Desktop SUCCESS Key: 0xE1ED3388
45215 168.00369516 nvchip4.exe:1356 OpenKey HKCU\software\Microsoft\Windows\CurrentVersion\E xplorer\Advanced SUCCESS Key: 0xE1ED3388
45216 168.00375718 nvchip4.exe:1356 QueryValue HKCU\software\Microsoft\Windows\CurrentVersio n\Explorer\Advanced\EnableBalloonTips NOTFOUND
45217 168.00387787 nvchip4.exe:1356 OpenKey HKLM\software\Microsoft\Windows\CurrentVersion\E xplorer\Advanced SUCCESS Key: 0xE1DD2D28
45218 168.00390301 nvchip4.exe:1356 QueryValue HKLM\software\Microsoft\Windows\CurrentVersio n\Explorer\Advanced\EnableBalloonTips NOTFOUND
45219 168.00401867 nvchip4.exe:1356 CloseKey HKLM\software\Microsoft\Windows\CurrentVersion\ Explorer\Advanced SUCCESS Key: 0xE1DD2D28
45220 168.00411756 nvchip4.exe:1356 CloseKey HKCU\software\Microsoft\Windows\CurrentVersion\ Explorer\Advanced SUCCESS Key: 0xE1ED3388
45221 168.00441173 nvchip4.exe:1356 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack SUCCESS Key: 0xE1ED3388
45222 168.00446034 nvchip4.exe:1356 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack\SURROGATE SUCCESS 0x2
45223 168.00452488 nvchip4.exe:1356 EnumerateValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack NOMORE
45224 168.00458857 nvchip4.exe:1356 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack SUCCESS Key: 0xE1ED3388
45225 168.00579459 nvchip4.exe:1356 OpenKey HKCU\Control Panel\Desktop SUCCESS Key: 0xE1ED3388
45226 168.00587421 nvchip4.exe:1356 QueryValue HKCU\Control Panel\Desktop\SmoothScroll NOTFOUND
45227 168.00591779 nvchip4.exe:1356 CloseKey HKCU\Control Panel\Desktop SUCCESS Key: 0xE1ED3388
45228 168.01430293 nvchip4.exe:1356 OpenKey HKLM\system\CurrentControlSet\control\NetworkPro vider\HwOrder SUCCESS Key: 0xE1ED3388
45229 168.06123374 nvchip4.exe:1356 CreateKey HKLM\System\CurrentControlSet\Services\Tcpip\P arameters SUCCESS Key: 0xE1DD2D28
45230 168.06132761 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\DnsCache\ Parameters SUCCESS Key: 0xE1EB64E0
45231 168.06136113 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows NT\DnsClient NOTFOUND
45232 168.06139717 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\DNS NOTFO UND
45233 168.06143237 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\QueryAdapterName NOTFOUND
45234 168.06145249 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\Tcpip\ Parameters\DisableAdapterDomainName NOTFOUND
45235 168.06146673 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\UseDomainNameDevolution NOTFOUND
45236 168.06148266 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\Tcpip\ Parameters\UseDomainNameDevolution SUCCESS 0x1
45237 168.06149774 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\PrioritizeRecordData NOTFOUND
45238 168.06151199 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\Tcpip\ Parameters\PrioritizeRecordData NOTFOUND
45239 168.06152456 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\AllowUnqualifiedQuery NOTFOUND
45240 168.06153797 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\Tcpip\ Parameters\AllowUnqualifiedQuery NOTFOUND
45241 168.06155054 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\AppendToMultiLabelName NOTFOUND
45242 168.06156395 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\ScreenBadTlds NOTFOUND
45243 168.06157736 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\ScreenUnreachableServers NOTFOUND
45244 168.06158993 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\FilterClusterIp NOTFOUND
45245 168.06160334 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\WaitForNameErrorOnAll NOTFOUND
45246 168.06161591 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\UseEdns NOTFOUND
45247 168.06162932 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\RegistrationEnabled NOTFOUND
45248 168.06164357 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\Tcpip\ Parameters\DisableDynamicUpdate NOTFOUND
45249 168.06165614 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\RegisterPrimaryName NOTFOUND
45250 168.06168296 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\RegisterAdapterName NOTFOUND
45251 168.06170140 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\Tcpip\ Parameters\EnableAdapterDomainNameRegistration NOTFOUND
45252 168.06171732 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\RegisterReverseLookup NOTFOUND
45253 168.06173325 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\Tcpip\ Parameters\DisableReverseAddressRegistrations NOTFOUND
45254 168.06174582 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\RegisterWanAdapters NOTFOUND
45255 168.06175923 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\Tcpip\ Parameters\DisableWanDynamicUpdate NOTFOUND
45256 168.06177264 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\RegistrationOverwritesInConflict NOTFOUND
45257 168.06178689 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\Tcpip\ Parameters\DisableReplaceAddressesInConflicts NOTFOUND
45258 168.06179946 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\RegistrationTtl NOTFOUND
45259 168.06181287 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\Tcpip\ Parameters\DefaultRegistrationTTL NOTFOUND
45260 168.06182544 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\RegistrationRefreshInterval NOTFOUND
45261 168.06183885 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\Tcpip\ Parameters\DefaultRegistrationRefreshInterval NOTFOUND
45262 168.06185058 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\RegistrationMaxAddressCount NOTFOUND
45263 168.06186399 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\Tcpip\ Parameters\MaxNumberOfAddressesToRegister NOTFOUND
45264 168.06187656 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\UpdateSecurityLevel NOTFOUND
45265 168.06188913 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\Tcpip\ Parameters\UpdateSecurityLevel NOTFOUND
45266 168.06190170 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\UpdateZoneExcludeFile NOTFOUND
45267 168.06191344 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\UpdateTopLevelDomainZones NOTFOUND
45268 168.06192601 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\DnsTest NOTFOUND
45269 168.06193774 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\MaxCacheSize NOTFOUND
45270 168.06194948 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\MaxCacheTtl NOTFOUND
45271 168.06196121 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\MaxNegativeCacheTtl NOTFOUND
45272 168.06197294 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\AdapterTimeoutLimit NOTFOUND
45273 168.06198551 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\ServerPriorityTimeLimit NOTFOUND
45274 168.06199725 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\MaxCachedSockets NOTFOUND
45275 168.06200982 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\UseMulticast NOTFOUND
45276 168.06202239 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\MulticastOnNameError NOTFOUND
45277 168.06203412 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\UseDotLocalDomain NOTFOUND
45278 168.06204670 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\DnsCac he\Parameters\ListenOnMulticast NOTFOUND
45279 168.06209950 nvchip4.exe:1356 OpenKey HKLM\System\Setup SUCCESS Key: 0xE176A2F8
45280 168.06211961 nvchip4.exe:1356 QueryValue HKLM\System\Setup\SystemSetupInProgress SUCCE SS 0x0
45281 168.06215397 nvchip4.exe:1356 CloseKey HKLM\System\Setup SUCCESS Key: 0xE176A2F8
45282 168.06218163 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Pa rameters SUCCESS Key: 0xE1DD2D28
45283 168.06220258 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\DnsCache \Parameters SUCCESS Key: 0xE1EB64E0
45284 168.06230650 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\Tcpip\Par ameters SUCCESS Key: 0xE1EB64E0
45285 168.06233500 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\Tcpip\ Parameters\DnsQueryTimeouts NOTFOUND
45286 168.06235176 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\Tcpip\ Parameters\DnsQuickQueryTimeouts NOTFOUND
45287 168.06236601 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\Tcpip\ Parameters\DnsMulticastQueryTimeouts NOTFOUND
45288 168.06239870 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Pa rameters SUCCESS Key: 0xE1EB64E0
45289 168.06287557 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters SUCCESS Key: 0xE1EB64E0
45290 168.06290658 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\WinSock_Registry_Version SUCCESS "2.0"
45291 168.06292586 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\WinSock_Registry_Version SUCCESS "2.0"
45292 168.06299542 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9 SUCCESS Key: 0xE1DD2D28
45293 168.06302056 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Serial_Access_Num SUCCESS 0x13
45294 168.06307001 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Serial_Access_Num SUCCESS 0x13
45295 168.06312951 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\00000013 NOTFOUND
45296 168.06315298 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID SUCCESS 0x42D
45297 168.06317477 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Num_Catalog_Entries SUCCESS 0x16
45298 168.06322170 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries SUCCESS Key: 0xE176A2F8
45299 168.06328624 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 SUCCESS Key: 0xE17ACD48
45300 168.06331138 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem BUFOVRFLOW
45301 168.06335161 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem BUFOVRFLOW
45302 168.06337256 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45303 168.06341614 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 SUCCESS Key: 0xE17ACD48
45304 168.06347900 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 SUCCESS Key: 0xE17ACD48
45305 168.06350414 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem BUFOVRFLOW
45306 168.06352342 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem BUFOVRFLOW
45307 168.06358209 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45308 168.06362148 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 SUCCESS Key: 0xE17ACD48
45309 168.06368182 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 SUCCESS Key: 0xE17ACD48
45310 168.06384022 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem BUFOVRFLOW
45311 168.06387961 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem BUFOVRFLOW
45312 168.06390391 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45313 168.06395504 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 SUCCESS Key: 0xE17ACD48
45314 168.06402628 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 SUCCESS Key: 0xE17ACD48
45315 168.06405142 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem BUFOVRFLOW
45316 168.06406986 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem BUFOVRFLOW
45317 168.06409249 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45318 168.06413188 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 SUCCESS Key: 0xE17ACD48
45319 168.06418719 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 SUCCESS Key: 0xE17ACD48
45320 168.06421149 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem BUFOVRFLOW
45321 168.06423077 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem BUFOVRFLOW
45322 168.06425172 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45323 168.06431290 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 SUCCESS Key: 0xE17ACD48
45324 168.06437576 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 SUCCESS Key: 0xE17ACD48
45325 168.06440090 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem BUFOVRFLOW
45326 168.06441934 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem BUFOVRFLOW
45327 168.06447214 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45328 168.06452075 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 SUCCESS Key: 0xE17ACD48
45329 168.06458361 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 SUCCESS Key: 0xE17ACD48
45330 168.06460791 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem BUFOVRFLOW
45331 168.06462635 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem BUFOVRFLOW
45332 168.06464814 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45333 168.06468753 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 SUCCESS Key: 0xE17ACD48
45334 168.06474452 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 SUCCESS Key: 0xE17ACD48
45335 168.06476967 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem BUFOVRFLOW
45336 168.06478894 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem BUFOVRFLOW
45337 168.06481073 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45338 168.06484761 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 SUCCESS Key: 0xE17ACD48
45339 168.06490544 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 SUCCESS Key: 0xE17ACD48
45340 168.06492974 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem BUFOVRFLOW
45341 168.06494818 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem BUFOVRFLOW
45342 168.06497165 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45343 168.06500852 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 SUCCESS Key: 0xE17ACD48
45344 168.06506551 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 SUCCESS Key: 0xE17ACD48
45345 168.06508898 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem BUFOVRFLOW
45346 168.06510826 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem BUFOVRFLOW
45347 168.06513005 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45348 168.06516692 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 SUCCESS Key: 0xE17ACD48
45349 168.06522224 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 SUCCESS Key: 0xE17ACD48
45350 168.06524570 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem BUFOVRFLOW
45351 168.06528677 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem BUFOVRFLOW
45352 168.06533538 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45353 168.06538986 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 SUCCESS Key: 0xE17ACD48
45354 168.06545607 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 SUCCESS Key: 0xE17ACD48
45355 168.06548037 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem BUFOVRFLOW
45356 168.06549965 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem BUFOVRFLOW
45357 168.06552228 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45358 168.06555999 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 SUCCESS Key: 0xE17ACD48
45359 168.06561698 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 SUCCESS Key: 0xE17ACD48
45360 168.06564129 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\PackedCatalogItem BUFOVRFLOW
45361 168.06566140 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\PackedCatalogItem BUFOVRFLOW
45362 168.06568235 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45363 168.06571923 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 SUCCESS Key: 0xE17ACD48
45364 168.06577538 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 SUCCESS Key: 0xE17ACD48
45365 168.06580052 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\PackedCatalogItem BUFOVRFLOW
45366 168.06581896 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\PackedCatalogItem BUFOVRFLOW
45367 168.06584075 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45368 168.06587679 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 SUCCESS Key: 0xE17ACD48
45369 168.06593210 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 SUCCESS Key: 0xE17ACD48
45370 168.06595641 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015\PackedCatalogItem BUFOVRFLOW
45371 168.06597652 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015\PackedCatalogItem BUFOVRFLOW
45372 168.06602429 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45373 168.06607207 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 SUCCESS Key: 0xE17ACD48
45374 168.06613241 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 SUCCESS Key: 0xE17ACD48
45375 168.06615671 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\PackedCatalogItem BUFOVRFLOW
45376 168.06617515 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\PackedCatalogItem BUFOVRFLOW
45377 168.06619778 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45378 168.06623549 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 SUCCESS Key: 0xE17ACD48
45379 168.06631595 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 SUCCESS Key: 0xE17ACD48
45380 168.06634277 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017\PackedCatalogItem BUFOVRFLOW
45381 168.06636205 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017\PackedCatalogItem BUFOVRFLOW
45382 168.06638468 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45383 168.06642574 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 SUCCESS Key: 0xE17ACD48
45384 168.06648609 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 SUCCESS Key: 0xE17ACD48
45385 168.06650871 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018\PackedCatalogItem BUFOVRFLOW
45386 168.06652799 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018\PackedCatalogItem BUFOVRFLOW
45387 168.06654978 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45388 168.06658917 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 SUCCESS Key: 0xE17ACD48
45389 168.06664616 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000019 SUCCESS Key: 0xE17ACD48
45390 168.06666963 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019\PackedCatalogItem BUFOVRFLOW
45391 168.06668807 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019\PackedCatalogItem BUFOVRFLOW
45392 168.06671069 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45393 168.06674757 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000019 SUCCESS Key: 0xE17ACD48
45394 168.06680540 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000020 SUCCESS Key: 0xE17ACD48
45395 168.06684395 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020\PackedCatalogItem BUFOVRFLOW
45396 168.06686407 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020\PackedCatalogItem BUFOVRFLOW
45397 168.06690513 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45398 168.06694452 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000020 SUCCESS Key: 0xE17ACD48
45399 168.06700319 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000021 SUCCESS Key: 0xE17ACD48
45400 168.06702833 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021\PackedCatalogItem BUFOVRFLOW
45401 168.06704677 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021\PackedCatalogItem BUFOVRFLOW
45402 168.06706940 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45403 168.06710628 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000021 SUCCESS Key: 0xE17ACD48
45404 168.06716327 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries\000000000022 SUCCESS Key: 0xE17ACD48
45405 168.06718757 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022\PackedCatalogItem BUFOVRFLOW
45406 168.06720601 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022\PackedCatalogItem BUFOVRFLOW
45407 168.06722864 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022\PackedCatalogItem SUCCESS 25 53 79 73 74 65 6D 52 ...
45408 168.06726384 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries\000000000022 SUCCESS Key: 0xE17ACD48
45409 168.06758650 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries SUCCESS Key: 0xE176A2F8
45410 168.06768791 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\NameSpace_Catalog5 SUCCESS Key: 0xE176A2F8
45411 168.06771725 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Serial_Access_Num SUCCESS 0x5
45412 168.06776669 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Serial_Access_Num SUCCESS 0x5
45413 168.06780022 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\NameSpace_Catalog5\00000005 NOTFOUND
45414 168.06782201 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries SUCCESS 0x4
45415 168.06786727 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\NameSpace_Catalog5\Catalog_Entries SUCCESS Key: 0xE17ACD48
45416 168.06791671 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 SUCCESS Key: 0xE1ECF428
45417 168.06794018 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\LibraryPath SUCCESS "%SystemRo ot%\System32\mswsock.dll"
45418 168.06798041 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\LibraryPath SUCCESS "%SystemRo ot%\System32\mswsock.dll"
45419 168.06800639 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString SUCCESS "Tcpip"
45420 168.06802231 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString SUCCESS "Tcpip"
45421 168.06804327 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString SUCCESS "Tcpip"
45422 168.06806087 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString SUCCESS "Tcpip"
45423 168.06810361 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\ProviderId SUCCESS 40 9D 05 22 9E 7E CF 11 ...
45424 168.06812288 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\AddressFamily NOTFOUND
45425 168.06814384 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\SupportedNameSpace SUCCESS 0xC
45426 168.06816144 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\Enabled SUCCESS 0x1
45427 168.06817736 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\Version SUCCESS 0x0
45428 168.06819412 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\StoresServiceClassInfo SUCCESS 0x0
45429 168.06823016 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 SUCCESS Key: 0xE1ECF428
45430 168.06829888 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 SUCCESS Key: 0xE1ECF428
45431 168.06832570 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\LibraryPath SUCCESS "%SystemRo ot%\System32\winrnr.dll"
45432 168.06834247 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\LibraryPath SUCCESS "%SystemRo ot%\System32\winrnr.dll"
45433 168.06836426 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString SUCCESS "NTDS"
45434 168.06837934 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString SUCCESS "NTDS"
45435 168.06840197 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString SUCCESS "NTDS"
45436 168.06842125 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString SUCCESS "NTDS"
45437 168.06844555 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\ProviderId SUCCESS EE 37 26 3B 80 E5 CF 11 ...
45438 168.06846315 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\AddressFamily NOTFOUND
45439 168.06848997 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\SupportedNameSpace SUCCESS 0x2 0
45440 168.06851008 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\Enabled SUCCESS 0x1
45441 168.06852768 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\Version SUCCESS 0x0
45442 168.06854864 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\StoresServiceClassInfo SUCCESS 0x0
45443 168.06858216 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 SUCCESS Key: 0xE1ECF428
45444 168.06866597 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 SUCCESS Key: 0xE1ECF428
45445 168.06869195 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\LibraryPath SUCCESS "%SystemRo ot%\System32\mswsock.dll"
45446 168.06870871 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\LibraryPath SUCCESS "%SystemRo ot%\System32\mswsock.dll"
45447 168.06873386 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString SUCCESS "ÍøÂçλÖÃÖªÏþ (NLA) Ãû³Æ¿Õ¼ä "
45448 168.06875146 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString SUCCESS "ÍøÂçλÖÃÖªÏþ (NLA) Ãû³Æ¿Õ¼ä "
45449 168.06884532 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString SUCCESS "ÍøÂçλÖÃÖªÏþ (NLA) Ãû³Æ¿Õ¼ä "
45450 168.06886376 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString SUCCESS "ÍøÂçλÖÃÖªÏþ (NLA) Ãû³Æ¿Õ¼ä "
45451 168.06890986 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\ProviderId SUCCESS 3A 24 42 66 A8 3B A6 4A ...
45452 168.06892829 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\AddressFamily NOTFOUND
45453 168.06894673 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\SupportedNameSpace SUCCESS 0xF
45454 168.06896601 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\Enabled SUCCESS 0x1
45455 168.06898193 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\Version SUCCESS 0x0
45456 168.06899869 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\StoresServiceClassInfo SUCCESS 0x1
45457 168.06903473 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 SUCCESS Key: 0xE1ECF428
45458 168.06910178 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\WinSock2\ Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004 SUCCESS Key: 0xE1ECF428
45459 168.06912776 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\LibraryPath SUCCESS "%SystemRo ot%\System32\nwprovau.dll"
45460 168.06914452 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\LibraryPath SUCCESS "%SystemRo ot%\System32\nwprovau.dll"
45461 168.06918559 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\DisplayString SUCCESS "NWLink IPX/SPX/NetBIOS Compatible Transport Protocol"
45462 168.06920319 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\DisplayString SUCCESS "NWLink IPX/SPX/NetBIOS Compatible Transport Protocol"
45463 168.06922330 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\DisplayString SUCCESS "NWLink IPX/SPX/NetBIOS Compatible Transport Protocol"
45464 168.06924258 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\DisplayString SUCCESS "NWLink IPX/SPX/NetBIOS Compatible Transport Protocol"
45465 168.06926521 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\ProviderId SUCCESS F0 AA 2D E0 9F 7E CF 11 ...
45466 168.06929035 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\AddressFamily NOTFOUND
45467 168.06931214 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\SupportedNameSpace SUCCESS 0x1
45468 168.06932974 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\Enabled SUCCESS 0x1
45469 168.06934567 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\Version SUCCESS 0x1
45470 168.06936075 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\WinSoc k2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\StoresServiceClassInfo SUCCESS 0x0
45471 168.06939595 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004 SUCCESS Key: 0xE1ECF428
45472 168.06942277 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters\NameSpace_Catalog5\Catalog_Entries SUCCESS Key: 0xE17ACD48
45473 168.06945043 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2 \Parameters SUCCESS Key: 0xE1EB64E0
45474 168.06954765 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Services\Winsock2\ Parameters SUCCESS Key: 0xE1EB64E0
45475 168.06957195 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Services\Winsoc k2\Parameters\Ws2_32NumHandleBuckets NOTFOUND
45476 168.06960548 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Services\Winsock2 \Parameters SUCCESS Key: 0xE1EB64E0
45477 169.08636738 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls NOTFOUND
45478 169.08642772 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility SUCCESS Key: 0xE1EB64E0
45479 169.08644700 nvchip4.exe:1356 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility\DisableAppCompat NOTFOUND
45480 169.08648387 nvchip4.exe:1356 CloseKey HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility SUCCESS Key: 0xE1EB64E0
45481 169.08803854 nvchip4.exe:1356 OpenKey HKLM\System\WPA\TabletPC SUCCESS Key: 0xE1EB64E0
45482 169.08806703 nvchip4.exe:1356 QueryValue HKLM\System\WPA\TabletPC\Installed SUCCESS 0x 0
45483 169.08810391 nvchip4.exe:1356 CloseKey HKLM\System\WPA\TabletPC SUCCESS Key: 0xE1EB64E0
45484 169.08814246 nvchip4.exe:1356 OpenKey HKLM\SYSTEM\WPA\MediaCenter NOTFOUND
45485 169.08901995 nvchip4.exe:1356 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers NOTFOUND
45486 169.08910292 nvchip4.exe:1356 OpenKey HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers NOTFOUND
45487 169.08913728 nvchip4.exe:1356 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\nvchip4.exe NOTFOUND
45488 169.09011869 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Control\SafeBoot\O ption NOTFOUND
45489 169.09016814 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers SUCCESS Key: 0xE1EB64E0
45490 169.09018993 nvchip4.exe:1356 QueryValue HKLM\Software\Policies\Microsoft\Windows\Safe r\CodeIdentifiers\TransparentEnabled SUCCESS 0x1
45491 169.09020418 nvchip4.exe:1356 QueryValue HKLM\Software\Policies\Microsoft\Windows\Safe r\CodeIdentifiers\AuthenticodeEnabled SUCCESS 0x0
45492 169.09024021 nvchip4.exe:1356 CloseKey HKLM\Software\Policies\Microsoft\Windows\Safer\ CodeIdentifiers SUCCESS Key: 0xE1EB64E0
45493 169.09035755 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\L evelObjects NOTFOUND
45494 169.09040448 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers SUCCESS Key: 0xE1EB64E0
45495 169.09042543 nvchip4.exe:1356 QueryValue HKLM\Software\Policies\Microsoft\Windows\Safe r\CodeIdentifiers\Levels NOTFOUND
45496 169.09081515 nvchip4.exe:1356 CloseKey HKLM\Software\Policies\Microsoft\Windows\Safer\ CodeIdentifiers SUCCESS Key: 0xE1EB64E0
45497 169.09103641 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\0\Paths SUCCESS Key: 0xE1EB64E0
45498 169.09132890 nvchip4.exe:1356 EnumerateKey HKLM\Software\Policies\Microsoft\Windows\Sa fer\CodeIdentifiers\0\Paths SUCCESS Name: {dda3f824-d8cb-441b-834d-be2efd2c1a33}
45499 169.09142361 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} SUCCESS Key: 0xE17ACD48
45500 169.09145126 nvchip4.exe:1356 QueryValue HKLM\Software\Policies\Microsoft\Windows\Safe r\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ItemData SUCCESS "%HKEY_CUR RENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK*"
45501 169.09147808 nvchip4.exe:1356 QueryValue HKLM\Software\Policies\Microsoft\Windows\Safe r\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\SaferFlags SUCCESS 0x0
45502 169.09151747 nvchip4.exe:1356 CloseKey HKLM\Software\Policies\Microsoft\Windows\Safer\ CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} SUCCESS Key: 0xE17ACD48
45503 169.09154010 nvchip4.exe:1356 EnumerateKey HKLM\Software\Policies\Microsoft\Windows\Sa fer\CodeIdentifiers\0\Paths NOMORE
45504 169.09157781 nvchip4.exe:1356 CloseKey HKLM\Software\Policies\Microsoft\Windows\Safer\ CodeIdentifiers\0\Paths SUCCESS Key: 0xE1EB64E0
45505 169.09164235 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\0\Hashes NOTFOUND
45506 169.09167839 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\0\UrlZones NOTFOUND
45507 169.09173286 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\4096\Paths NOTFOUND
45508 169.09176471 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\4096\Hashes NOTFOUND
45509 169.09179321 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\4096\UrlZones NOTFOUND
45510 169.09182254 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\65536\Paths NOTFOUND
45511 169.09184936 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\65536\Hashes NOTFOUND
45512 169.09187534 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\65536\UrlZones NOTFOUND
45513 169.09190383 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\131072\Paths NOTFOUND
45514 169.09192981 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\131072\Hashes NOTFOUND
45515 169.09195496 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\131072\UrlZones NOTFOUND
45516 169.09198429 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\262144\Paths NOTFOUND
45517 169.09201530 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\262144\Hashes NOTFOUND
45518 169.09204380 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\262144\UrlZones NOTFOUND
45519 169.09212006 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\0\Paths NOTFOUND
45520 169.09217957 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\0\Hashes NOTFOUND
45521 169.09223656 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\0\UrlZones NOTFOUND
45522 169.09229858 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\4096\Paths NOTFOUND
45523 169.09235724 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\4096\Hashes NOTFOUND
45524 169.09241591 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\4096\UrlZones NOTFOUND
45525 169.09247541 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\65536\Paths NOTFOUND
45526 169.09253324 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\65536\Hashes NOTFOUND
45527 169.11878322 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\65536\UrlZones NOTFOUND
45528 169.11885530 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\131072\Paths NOTFOUND
45529 169.14875266 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\131072\Hashes NOTFOUND
45530 169.14930748 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\131072\UrlZones NOTFOUND
45531 169.14937118 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\262144\Paths NOTFOUND
45532 169.15025704 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\262144\Hashes NOTFOUND
45533 169.15550017 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers\262144\UrlZones NOTFOUND
45534 169.15556805 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers SUCCESS Key: 0xE17ACD48
45535 169.15559152 nvchip4.exe:1356 QueryValue HKLM\Software\Policies\Microsoft\Windows\Safe r\CodeIdentifiers\DefaultLevel SUCCESS 0x40000
45536 169.15642459 nvchip4.exe:1356 CloseKey HKLM\Software\Policies\Microsoft\Windows\Safer\ CodeIdentifiers SUCCESS Key: 0xE17ACD48
45537 169.15651510 nvchip4.exe:1356 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers NOTFOUND
45538 169.15665171 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers SUCCESS Key: 0xE17ACD48
45539 169.15667518 nvchip4.exe:1356 QueryValue HKLM\Software\Policies\Microsoft\Windows\Safe r\CodeIdentifiers\PolicyScope SUCCESS 0x0
45540 169.15774207 nvchip4.exe:1356 CloseKey HKLM\Software\Policies\Microsoft\Windows\Safer\ CodeIdentifiers SUCCESS Key: 0xE17ACD48
45541 169.15846199 nvchip4.exe:1356 OpenKey HKCU SUCCESS Key: 0xE17ACD48
45542 169.15851731 nvchip4.exe:1356 OpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\E xplorer\Shell Folders SUCCESS Key: 0xE1EB64E0
45543 169.15855335 nvchip4.exe:1356 CloseKey HKCU SUCCESS Key: 0xE17ACD48
45544 169.15858436 nvchip4.exe:1356 QueryValue HKCU\Software\Microsoft\Windows\CurrentVersio n\Explorer\Shell Folders\Cache BUFOVRFLOW
45545 169.15860782 nvchip4.exe:1356 QueryValue HKCU\Software\Microsoft\Windows\CurrentVersio n\Explorer\Shell Folders\Cache SUCCESS "C:\Documents and Settings\jiahe\Local Settings\Temporary Internet Files"
45546 169.15863716 nvchip4.exe:1356 CloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\ Explorer\Shell Folders SUCCESS Key: 0xE1EB64E0
45547 169.15874946 nvchip4.exe:1356 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers SUCCESS Key: 0xE1EB64E0
45548 169.15904112 nvchip4.exe:1356 QueryValue HKLM\Software\Policies\Microsoft\Windows\Safe r\CodeIdentifiers\LogFileName NOTFOUND
45549 169.15909476 nvchip4.exe:1356 CloseKey HKLM\Software\Policies\Microsoft\Windows\Safer\ CodeIdentifiers SUCCESS Key: 0xE1EB64E0
45550 169.15916180 nvchip4.exe:1356 OpenKey HKLM\System\CurrentControlSet\Control\SafeBoot\O ption NOTFOUND
45551 169.15922466 nvchip4.exe:1356 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvchip4.exe NOTFOUND
45552 169.16328272 nvchip4.exe:864 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvchip4.exe NOTFOUND
45553 169.16474017 nvchip4.exe:864 OpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Key: 0xE1916940
45554 169.16476866 nvchip4.exe:864 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat SUCCESS 0x0
45555 169.16481140 nvchip4.exe:864 CloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Key: 0xE1916940
45556 169.17080965 nvchip4.exe:864 OpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Key: 0xE1916940
45557 169.17085155 nvchip4.exe:864 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat SUCCESS 0x0
45558 169.17088592 nvchip4.exe:864 CloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Key: 0xE1916940
45559 169.19449589 nvchip4.exe:864 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Key: 0xE1916940
45560 169.19452355 nvchip4.exe:864 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode NOTFOUND
45561 169.19456127 nvchip4.exe:864 CloseKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Key: 0xE1916940
45562 169.19605140 nvchip4.exe:864 OpenKey HKLM\System\CurrentControlSet\Control\SafeBoot\Op tion NOTFOUND
45563 169.19610504 nvchip4.exe:864 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\Co deIdentifiers SUCCESS Key: 0xE1916940
45564 169.19612850 nvchip4.exe:864 QueryValue HKLM\Software\Policies\Microsoft\Windows\Safer \CodeIdentifiers\TransparentEnabled SUCCESS 0x1
45565 169.19617376 nvchip4.exe:864 CloseKey HKLM\Software\Policies\Microsoft\Windows\Safer\C odeIdentifiers SUCCESS Key: 0xE1916940
45566 169.19625338 nvchip4.exe:864 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\Co deIdentifiers NOTFOUND
45567 169.19781727 nvchip4.exe:864 OpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Key: 0xE1916940
45568 169.19786587 nvchip4.exe:864 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat SUCCESS 0x0
45569 169.19791700 nvchip4.exe:864 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled SUCCESS 0x0
45570 169.19797231 nvchip4.exe:864 CloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Key: 0xE1916940
45571 169.19805612 nvchip4.exe:864 OpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Key: 0xE1916940
45572 169.19808043 nvchip4.exe:864 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack NOTFOUND
45573 169.19811144 nvchip4.exe:864 CloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Key: 0xE1916940
45574 169.19816256 nvchip4.exe:864 OpenKey HKLM SUCCESS Key: 0xE1916940
45575 169.19819189 nvchip4.exe:864 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics NOTFOUND
45576 169.20015136 nvchip4.exe:864 OpenKey HKLM\System\CurrentControlSet\Control\Error Message Instrument\ NOTFOUND
45577 169.20076987 nvchip4.exe:864 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS Key: 0xE176A2F8
45578 169.20080507 nvchip4.exe:864 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32\nvchip4 NOTFOUND
45579 169.20083357 nvchip4.exe:864 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS Key: 0xE176A2F8
45580 169.20090062 nvchip4.exe:864 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility SUCCESS Key: 0xE176

to forum · permalink · 2004-03-09 02:35:41 ·
Forums > Broadband Tech > Security > Security
page: 1 · 2

Monday, 04-Jun 10:44:49 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics