My computer has been automatically rebooting itself.



BrownCloud
2010-09-29, 09:15
My computer has been crashing. I've scanned it with Malwarebytes' Anti-Malware and Avira AntiVir Personal - Free Antivirus, and they got rid of a few things together, but my computer seems to be rebooting even more frequently even after that. Can you help me?


DDS (Ver_10-03-17.01) - NTFSx86
Run by Gabe at 22:52:20.85 on Tue 09/28/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.518 [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
C:\Documents and Settings\Gabe\My Documents\My Pictures\print screen\ScreenCapture.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Gabe\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033
uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [DOpus] c:\program files\gpsoftware\directory opus\dopus.exe
uRun: [Directory Opus Desktop Dblclk] "c:\program files\gpsoftware\directory opus\dopusrt.exe" /dblclk
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [jswtrayutil] "c:\program files\netgear\wnda3100\jswtrayutil.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {2BCF312F-D475-4A4A-BC03-85F196444F3A} = 156.154.70.22,156.154.71.22
TCP: {FFA82A17-36F2-4FBD-90E1-F8DA5ACD9436} = 156.154.70.22,156.154.71.22
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gabe\applic~1\mozilla\firefox\profiles\bwbn9q91.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\gabe\application data\mozilla\firefox\profiles\bwbn9q91.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {E78CD27B-8DC4-477A-94C4-9B777B2F16AF} - c:\documents and settings\gabe\local settings\application data\{E78CD27B-8DC4-477A-94C4-9B777B2F16AF}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R? gupdate;Google Update Service (gupdate)
R? jswpsapi;Jumpstart Wifi Protected Setup
R? nosGetPlusHelper;getPlus(R) Helper 3004
R? WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver
S? AntiVirSchedulerService;Avira AntiVir Scheduler
S? AntiVirService;Avira AntiVir Guard
S? avgio;avgio
S? avgntflt;avgntflt
S? BRA_Scheduler;Brother BRAdminPro Scheduler
S? cmdAgent;COMODO Internet Security Helper Service
S? cmdGuard;COMODO Internet Security Sandbox Driver
S? cmdHlp;COMODO Internet Security Helper Driver
S? CXFALCON;Conexant Falcon II NTSC Video Capture
S? d347bus;d347bus
S? d347prt;d347prt
S? DNINDIS5;DNINDIS5 NDIS Protocol Driver
S? JSWSCIMD;jswscimd Service
S? McrdSvc;Media Center Extender Service
S? WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service

=============== Created Last 30 ================

2010-09-28 21:14:43 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2010-09-01 07:37:03 423656 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-09-28 20:55:44 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-28 20:55:43 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-28 20:55:43 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-28 20:55:43 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-28 18:59:37 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-01-07 01:20:52 1095193104 ----a-w- c:\program files\MSSetupv63.exe
2006-11-19 19:59:12 32 --sha-w- c:\windows\sminst\HPCD.SYS

============= FINISH: 22:55:51.54 ===============

oldman960
2010-10-02, 21:51
Hi BrownCloud,

To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, and uncheck Word Wrap if it is checked.
Do not attach any logs/reports, etc. unless specifically requested to do so.
If you have problems with or do not understand the instructions, please ask before continuing.
Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.



AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
You have 2, possibly 3 (Comodo Internet Security has the option to install an AV also), antivirus programs installed plus 2 firewalls. These programs are going to conflict and cause slowdowns, system lockups etc. Multiple AVs and firewalls do not mean more protection. It generally means less for the reasons stated above.

Decide on which antivirus program and firewall you want and uninstall the others via Add/Remove Programs. Let me know which you decided to keep.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
Download Mirror #2 (http://downloads.securitycadets.com/GooredFix.exe)
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click on Minimal Output at the top
Download the following file, scan.txt, to your Desktop. Click here to download it (http://www.geekstogo.com/forum/files/download/395-otl-custom-scan-file-scantxt/). You may need to right-click on it and select "Save".
Double click inside the Custom Scan box at the bottom
A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
Click the OK button and navigate to the file scan.txt which we just saved to your desktop
Select scan.txt and click Open. Writing will now appear under the Custom Scan box
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

Please post back with
both OTL logs
Please tell us all the symptoms you are experiencing at the moment.

Thanks
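
The AV:/FW: lines quoted above are what DDS prints from the Windows Security Center registrations, and they are the whole basis of the "too many products" point in that reply. As an added example (not from this thread, DDS, or any of the tools mentioned), the following Python script parses those four lines, copied from the log above as constructed sample input, and flags the two conditions the reply raises: more than one product of a kind registered, and products that are registered but disabled, which is what a registration left behind by an incomplete uninstall looks like. The line format regex is inferred from the lines shown here and is an assumption.

```python
import re
from typing import NamedTuple

# Constructed sample input: the four Windows Security Center lines DDS printed at the
# top of the log posted in this thread (copied from the log above).
SAMPLE_DDS_HEADER = """\
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
"""


class Product(NamedTuple):
    kind: str       # "AV" (antivirus) or "FW" (firewall)
    name: str       # product name as registered with Security Center
    enabled: bool   # on-access scanning enabled / firewall enabled
    updated: bool   # "(Updated)" flag; DDS only prints it for the AV lines here
    guid: str       # Security Center instance GUID


# Assumed line format, inferred from the lines above:
#   "<kind>: <name> *<state>* [(Updated|Outdated)] {<guid>}"
# The Updated/Outdated flag is treated as optional.
LINE_RE = re.compile(
    r"^(?P<kind>AV|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*"
    r"(?: \((?P<upd>Updated|Outdated)\))? \{(?P<guid>[0-9A-Fa-f-]+)\}$"
)


def parse_security_center(text):
    """Parse the AV:/FW: header lines of a DDS log into Product records.

    Lines that do not match the format (the rest of the log) are skipped.
    """
    products = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # The state text ends in "enabled" or "disabled"; compare the last word
        # rather than using a substring test.
        last_word = m.group("state").split()[-1].lower()
        products.append(Product(
            kind=m.group("kind"),
            name=m.group("name"),
            enabled=(last_word == "enabled"),
            updated=(m.group("upd") == "Updated"),
            guid=m.group("guid").upper(),
        ))
    return products


def triage(products):
    """Apply the two checks from the reply above.

    1. More than one AV, or more than one firewall, registered at once: the
       conflict scenario (both hook the same file/network paths).
    2. A product that is registered but disabled: consistent with a Security
       Center registration left behind by an uninstall, as with BitDefender here.
       This is a heuristic; a user may also simply have switched a product off.
    """
    findings = {"active_av": [], "active_fw": [], "conflicts": [], "stale_entries": []}
    by_kind = {"AV": [], "FW": []}
    for p in products:
        by_kind[p.kind].append(p)
    for kind, items in by_kind.items():
        findings["active_" + kind.lower()] = [p.name for p in items if p.enabled]
        if len(items) > 1:
            findings["conflicts"].append((kind, [p.name for p in items]))
        findings["stale_entries"].extend(p.name for p in items if not p.enabled)
    return findings


def report(text):
    """Human-readable summary of the triage findings."""
    f = triage(parse_security_center(text))
    lines = []
    for kind, names in f["conflicts"]:
        label = "antivirus programs" if kind == "AV" else "firewalls"
        lines.append(f"{len(names)} {label} registered: {', '.join(names)}")
    for name in f["stale_entries"]:
        lines.append(f"{name} is registered but disabled; check for leftover files/drivers")
    lines.append(f"Active AV: {', '.join(f['active_av']) or 'none'}; "
                 f"active firewall: {', '.join(f['active_fw']) or 'none'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_DDS_HEADER))
```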

BrownCloud
2010-10-03, 08:42
I'm keeping AntiVir (antivirus program) and COMODO (firewall). I uninstalled BitDefender before I installed AntiVir and COMODO, which was a long time ago. BitDefender isn't in the list of Add/Remove Programs, so I don't know why it's still popping up in the report. I'd appreciate it if you could instruct me on how to remove the BitDefender files completely. Here are the logs you requested:



GooredFix by jpshortstuff (03.07.10.1)
Log created at 21:43 on 02/10/2010 (Gabe)
Firefox version 3.6.8 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{E78CD27B-8DC4-477A-94C4-9B777B2F16AF} -> Success!
Deleting C:\Documents and Settings\Gabe\Local Settings\Application Data\{E78CD27B-8DC4-477A-94C4-9B777B2F16AF} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:35 18/02/2009]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [22:21 14/07/2010]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [01:37 24/01/2009]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [07:37 01/09/2010]

C:\Documents and Settings\Gabe\Application Data\Mozilla\Firefox\Profiles\bwbn9q91.default\extensions\
{35106bca-6c78-48c7-ac28-56df30b51d2d} [18:57 21/04/2010]
{888d99e7-e8b5-46a3-851e-1ec45da1e644} [07:38 01/09/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [15:19 29/08/2010]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [15:18 29/08/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [09:48 21/04/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [01:37 24/01/2009]

-=E.O.F=-

BrownCloud
2010-10-03, 08:46
OTL logfile created on: 10/2/2010 9:51:15 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Gabe\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 271.94 Gb Total Space | 74.84 Gb Free Space | 27.52% Space Free | Partition Type: NTFS
Drive D: | 7.49 Gb Total Space | 0.47 Gb Free Space | 6.32% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive V: | 309.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FINALFANTASYV
Current User Name: Gabe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Gabe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
PRC - C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe (NETGEAR)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe ()
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)
PRC - C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Documents and Settings\Gabe\My Documents\My Pictures\print screen\ScreenCapture.exe (Mediachase LTD)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\arpwrmsg.exe (Microsoft)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Gabe\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\guard32.dll (COMODO)
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)
MOD - C:\Program Files\GPSoftware\Directory Opus\dopushlp.dll (GP Software)
MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (BRA_Scheduler) -- C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe ()
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (jswpsapi) -- C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe ()
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (Trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys File not found
DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys File not found
DRV - (LVRS) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys File not found
DRV - (ftsata2) -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (2WIREPCP) -- C:\WINDOWS\System32\DRIVERS\2WirePCP.sys File not found
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (WNDA3100) -- C:\WINDOWS\system32\drivers\WNDA31.sys (Atheros Communications, Inc.)
DRV - (WlanUIG) -- C:\WINDOWS\system32\drivers\WlanUIG.sys (Conexant Systems, Inc.)
DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam Pro 5000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (CXFALCON) -- C:\WINDOWS\system32\drivers\cxfalcon.sys (Conexant Systems, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (d347prt) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (d347bus) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {E78CD27B-8DC4-477A-94C4-9B777B2F16AF}:1.9.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/03 19:30:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/01 00:37:03 | 000,000,000 | ---D | M]

[2009/02/17 18:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Mozilla\Extensions
[2010/09/01 00:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Mozilla\Firefox\Profiles\bwbn9q91.default\extensions
[2010/04/21 11:57:14 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Documents and Settings\Gabe\Application Data\Mozilla\Firefox\Profiles\bwbn9q91.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2010/09/01 00:38:17 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Gabe\Application Data\Mozilla\Firefox\Profiles\bwbn9q91.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/08/29 08:19:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Gabe\Application Data\Mozilla\Firefox\Profiles\bwbn9q91.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/29 08:18:17 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Gabe\Application Data\Mozilla\Firefox\Profiles\bwbn9q91.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/07/06 00:08:14 | 000,002,068 | ---- | M] () -- C:\Documents and Settings\Gabe\Application Data\Mozilla\Firefox\Profiles\bwbn9q91.default\searchplugins\youtube-downloader.xml
[2010/09/11 10:00:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/14 15:21:31 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/01 00:37:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2009/04/28 22:22:36 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2009/09/16 02:17:53 | 000,292,150 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 rad.msn.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10058 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\NETGEAR\WNDA3100\jswtrayutil.exe File not found
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
O4 - HKCU..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\Gabe\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Gabe\Start Menu\Programs\Startup\Screen Capture.lnk = C:\Documents and Settings\Gabe\Application Data\Microsoft\Installer\{FDEC8D4C-FF2B-4F10-BF1E-4AEDCB98D4A9}\NewShortcut1.3B5A4684_043A_46AC_A320_23AA2F29936E.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gabe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gabe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/23 19:28:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 20:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 12:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0fe66621-14d6-11df-8286-0003c9617689}\Shell\AutoRun\command - "" = L:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{72cccadb-e58d-11dd-8010-00d09e621c5b}\Shell\AutoRun\command - "" = RECYCLER\restore.exe
O33 - MountPoints2\{72cccadb-e58d-11dd-8010-00d09e621c5b}\Shell\open\command - "" = RECYCLER\restore.exe
O33 - MountPoints2\{c8f4af72-e222-11de-8222-0003c9617689}\Shell - "" = AutoRun
O33 - MountPoints2\{c8f4af72-e222-11de-8222-0003c9617689}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c8f4af72-e222-11de-8222-0003c9617689}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe - (Logitech Inc.)
MsConfig - StartUpReg: AVG8_TRAY - hkey= - key= - C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found
MsConfig - StartUpReg: DISCover - hkey= - key= - C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
MsConfig - StartUpReg: DiscUpdateManager - hkey= - key= - C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: HPBootOp - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HPHUPD08 - hkey= - key= - c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe File not found
MsConfig - StartUpReg: IMEKRMIG6.1 - hkey= - key= - C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found
MsConfig - StartUpReg: IS CfgWiz - hkey= - key= - c:\Program Files\Norton Internet Security\cfgwiz.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KBD - hkey= - key= - C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
MsConfig - StartUpReg: Lqurezuquj - hkey= - key= - C:\WINDOWS\oampidr.DLL File not found
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: MSPY2002 - hkey= - key= - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: OutpostFeedBack - hkey= - key= - C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe File not found
MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found
MsConfig - StartUpReg: Qgewehokonip - hkey= - key= - C:\WINDOWS\ogixejowera.DLL File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: URLLSTCK.exe - hkey= - key= - c:\Program Files\Norton Internet Security\UrlLstCk.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (13524353798897664)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/02 21:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabe\Desktop\GooredFix Backups
[2010/10/02 21:24:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gabe\Desktop\OTL.exe
[2010/10/02 21:23:40 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Gabe\Desktop\GooredFix.exe
[2010/09/28 22:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/28 16:42:15 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Gabe\Desktop\erunt-setup.exe
[2010/09/28 16:02:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gabe\Recent
[2010/09/28 14:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/09/17 02:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/09/01 00:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/01 00:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/29 08:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/08/29 08:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/08/29 08:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/07/28 14:39:28 | 000,057,408 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\wsimd.sys
[2010/07/28 14:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2010/07/28 13:19:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2010/07/28 13:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2010/07/28 13:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2010/07/16 12:27:02 | 000,237,568 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\wlanapi.dll
[2010/07/16 12:26:39 | 000,036,864 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIOApi.dll
[2010/07/14 15:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/07/05 17:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabe\Application Data\vlc
[2010/07/05 17:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2008/05/24 18:02:24 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2008/05/24 18:02:24 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[3 C:\Documents and Settings\Gabe\Desktop\*.tmp files -> C:\Documents and Settings\Gabe\Desktop\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/02 21:24:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gabe\Desktop\OTL.exe
[2010/10/02 21:23:40 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Gabe\Desktop\GooredFix.exe
[2010/10/02 21:22:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/02 21:22:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/02 15:16:26 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/10/02 15:14:32 | 000,000,337 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2010/10/02 15:14:18 | 000,002,380 | ---- | M] () -- C:\Documents and Settings\Gabe\Start Menu\Programs\Startup\Screen Capture.lnk
[2010/10/02 15:13:55 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/02 15:13:17 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/02 15:12:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/02 15:12:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/02 15:12:47 | 1609,023,488 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/02 15:11:28 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Gabe\NTUSER.DAT
[2010/10/02 15:11:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Gabe\ntuser.ini
[2010/10/01 13:00:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/09/30 17:16:28 | 002,111,672 | -H-- | M] () -- C:\Documents and Settings\Gabe\Local Settings\Application Data\IconCache.db
[2010/09/29 19:43:31 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Gabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/09/29 19:43:24 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/29 14:25:19 | 000,019,812 | ---- | M] () -- C:\Documents and Settings\Gabe\My Documents\20100929-142516.png
[2010/09/28 23:14:31 | 000,004,450 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\Attach.zip
[2010/09/28 22:50:09 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Gabe\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/28 22:50:08 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\ERUNT.lnk
[2010/09/28 21:56:44 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/28 21:43:13 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Gabe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/28 16:47:16 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\dds.scr
[2010/09/28 16:42:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Gabe\Desktop\erunt-setup.exe
[2010/09/28 16:01:22 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\CCleaner.lnk
[2010/09/28 01:47:12 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\Revo Uninstaller.lnk
[2010/09/28 00:23:26 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Gabe\My Documents\My Sharing Folders.lnk
[2010/09/24 21:29:32 | 000,000,755 | ---- | M] () -- C:\WINDOWS\ahd3.ini
[2010/09/23 17:16:50 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Gabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/09/23 16:48:01 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/23 07:09:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/13 09:21:39 | 000,001,812 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\Logitech QuickCam.lnk
[2010/09/13 09:21:39 | 000,001,795 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\NETGEAR WNDA3100 Smart Wizard.lnk
[2010/09/13 09:21:39 | 000,001,785 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\LightScribe.lnk
[2010/09/13 09:21:39 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\COMODO Firewall.lnk
[2010/09/13 09:21:39 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\GOM Player.lnk
[2010/08/29 08:17:12 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\Gabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/29 08:17:12 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/28 14:39:17 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100 Smart Wizard.lnk
[2010/07/28 14:39:17 | 000,001,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNDA3100 Smart Wizard.lnk
[2010/07/15 14:43:52 | 000,523,844 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/15 14:43:52 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/15 14:43:52 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/13 21:43:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/07/13 21:43:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[3 C:\Documents and Settings\Gabe\Desktop\*.tmp files -> C:\Documents and Settings\Gabe\Desktop\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/29 19:43:31 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\Gabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/09/29 14:25:19 | 000,019,812 | ---- | C] () -- C:\Documents and Settings\Gabe\My Documents\20100929-142516.png
[2010/09/28 23:14:31 | 000,004,450 | ---- | C] () -- C:\Documents and Settings\Gabe\Desktop\Attach.zip
[2010/09/28 22:50:09 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Gabe\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/28 22:50:08 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\Gabe\Desktop\ERUNT.lnk
[2010/09/28 16:47:16 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Gabe\Desktop\dds.scr
[2010/09/23 16:48:01 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/13 09:21:39 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\Gabe\Desktop\Logitech QuickCam.lnk
[2010/09/13 09:21:39 | 000,001,795 | ---- | C] () -- C:\Documents and Settings\Gabe\Desktop\NETGEAR WNDA3100 Smart Wizard.lnk
[2010/09/13 09:21:39 | 000,001,785 | ---- | C] () -- C:\Documents and Settings\Gabe\Desktop\LightScribe.lnk
[2010/09/13 09:21:39 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\Gabe\Desktop\COMODO Firewall.lnk
[2010/09/13 09:21:39 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Gabe\Desktop\GOM Player.lnk
[2010/08/29 08:17:12 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/28 14:39:17 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100 Smart Wizard.lnk
[2010/07/28 14:39:17 | 000,001,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNDA3100 Smart Wizard.lnk
[2010/07/13 21:43:25 | 000,000,268 | -H-- | C] () -- C:\sqmdata02.sqm
[2010/07/13 21:43:25 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2010/04/20 17:07:00 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 04:43:00 | 000,000,337 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009/12/07 00:07:38 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/12/07 00:07:08 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/12/07 00:07:08 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/12/07 00:06:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/12/07 00:06:06 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/12/07 00:06:03 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/12/07 00:06:03 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/22 15:37:53 | 000,050,127 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/17 03:27:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.8.64263.468_XP_Vista_x32.INI
[2009/02/10 19:09:15 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\Gabe\Application Data\evf
[2009/02/02 19:40:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/22 21:32:57 | 000,000,755 | ---- | C] () -- C:\WINDOWS\ahd3.ini
[2009/01/06 17:43:34 | 1095,193,104 | ---- | C] () -- C:\Program Files\MSSetupv63.exe
[2009/01/02 08:09:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/12/25 18:54:22 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/25 18:54:19 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/25 18:54:19 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/25 18:54:19 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/25 18:54:17 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/06/27 16:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/06/05 17:51:43 | 000,000,391 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2008/05/24 23:28:22 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/05/24 23:28:22 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/05/24 23:28:22 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/05/24 16:50:38 | 000,042,965 | ---- | C] () -- C:\Documents and Settings\Gabe\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2008/05/24 16:50:38 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/05/24 16:50:24 | 000,002,064 | ---- | C] () -- C:\Documents and Settings\Gabe\Application Data\HPSU_48BitScanUpdate.log
[2008/05/24 16:50:24 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008/05/24 16:40:01 | 000,002,795 | ---- | C] () -- C:\Documents and Settings\Gabe\Application Data\PatchUpdate_InstantShareJPG.log
[2008/05/24 16:40:01 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2008/05/24 16:37:54 | 000,027,601 | ---- | C] () -- C:\Documents and Settings\Gabe\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2008/05/24 16:37:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/05/24 09:51:39 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008/05/23 21:45:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxbhlcnp.dll
[2008/05/23 14:29:08 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Gabe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/23 14:16:31 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Gabe\Local Settings\Application Data\fusioncache.dat
[2005/12/23 19:57:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/23 19:36:04 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/12/23 19:31:45 | 000,014,318 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/12/23 19:31:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/12/23 19:29:00 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/12/23 19:25:33 | 000,000,498 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/23 19:20:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/12/23 19:20:29 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/12/23 19:20:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/12/23 19:20:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/12/23 19:20:29 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/12/23 19:20:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/12/23 19:14:24 | 000,000,133 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/12/23 19:13:22 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/12/23 19:02:01 | 000,010,533 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/23 18:57:21 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/23 18:57:21 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/23 18:57:20 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/23 18:57:20 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/23 18:42:21 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/23 18:35:43 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/12/23 18:35:43 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/12/23 18:35:18 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 13:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 00:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/07/26 15:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001/07/06 23:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 03:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/02/22 13:36:39 | 000,000,960 | --S- | C] () -- C:\WINDOWS\System32\argtmp39.dll

========== LOP Check ==========

[2008/05/23 22:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/05/24 11:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GPSoftware
[2009/10/17 05:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2010/04/21 01:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/05/30 02:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/07/28 13:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2010/03/31 12:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/09/28 14:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/04/28 22:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/05/19 19:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2010/04/11 04:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/05/23 23:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/03 00:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2010/05/20 07:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/20 14:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/05/23 23:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Aim
[2009/03/31 22:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Azureus
[2005/12/23 19:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Digital Interactive Systems Corporation
[2008/05/24 11:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\GPSoftware
[2009/10/17 05:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\ijjigame
[2008/05/23 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\InterVideo
[2008/05/24 22:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Leadertech
[2010/04/23 19:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Mp3tag
[2008/05/23 15:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\MSNInstaller
[2008/05/31 13:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Nexon
[2008/12/14 21:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Uniblue
[2008/05/24 16:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\WinBatch
[2009/02/11 23:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/12/23 19:28:21 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/02/26 05:12:59 | 000,156,557 | ---- | M] () -- C:\az.log
[2008/05/23 15:14:12 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010/06/11 20:49:02 | 000,000,279 | -HS- | M] () -- C:\boot.ini
[2004/08/10 06:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2005/08/31 05:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/04/04 02:35:56 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2005/12/23 19:30:51 | 000,000,000 | ---- | M] () -- C:\FailKeys.log
[2010/10/02 15:12:47 | 1609,023,488 | -HS- | M] () -- C:\hiberfil.sys
[2008/05/25 03:53:13 | 000,001,128 | ---- | M] () -- C:\HighLogging.log
[2009/10/17 07:13:11 | 000,002,384 | ---- | M] () -- C:\ijjiFFPlugin.log
[2005/08/31 05:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/08/31 05:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/10 06:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/10/02 15:12:41 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2005/12/23 19:30:51 | 000,000,121 | ---- | M] () -- C:\PassKeys.log
[2008/10/17 07:17:50 | 000,000,000 | ---- | M] () -- C:\Path.txt
[2008/11/12 09:23:43 | 000,081,964 | ---- | M] () -- C:\Response1.wav
[2008/11/12 09:24:01 | 000,081,964 | ---- | M] () -- C:\Response2.wav
[2008/11/12 09:24:17 | 000,245,804 | ---- | M] () -- C:\Response3.wav
[2008/11/12 09:24:33 | 000,245,804 | ---- | M] () -- C:\Response4.wav
[2008/11/12 09:24:56 | 000,491,564 | ---- | M] () -- C:\Response5.wav
[2010/04/23 19:14:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/05/10 00:16:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/07/13 21:43:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/04/23 19:14:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/05/10 00:16:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/07/13 21:43:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/31 05:01:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2002/04/25 04:24:12 | 000,077,824 | ---- | M] (Lexmark International) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxbhPP5C.DLL
[2003/06/19 01:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/01/06 18:20:52 | 1095,193,104 | ---- | M] () -- C:\Program Files\MSSetupv63.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/30 21:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/30 21:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/30 21:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2005/08/31 05:02:10 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

BrownCloud
2010-10-03, 08:48
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/05/23 14:16:41 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Gabe\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/08/31 05:06:40 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Gabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/09/28 16:42:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Gabe\Desktop\erunt-setup.exe
[2010/10/02 21:23:40 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Gabe\Desktop\GooredFix.exe
[2010/10/02 21:24:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gabe\Desktop\OTL.exe
[3 C:\Documents and Settings\Gabe\Desktop\*.tmp files -> C:\Documents and Settings\Gabe\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/05/23 14:16:40 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Gabe\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2009/02/17 17:41:56 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Gabe\Cookies\desktop.ini
[2010/10/02 21:54:38 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Gabe\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >
[2004/10/13 16:24:38 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1998/05/07 09:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[12 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2002/12/06 20:10:40 | 000,002,238 | ---- | M] () -- C:\WINDOWS\system32\doc.ico
[12 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system\*.dat >
[2010/10/02 15:16:26 | 000,000,188 | ---- | M] () -- C:\WINDOWS\system\hpsysdrv.DAT

< %systemroot%\system\*.exe >
[1998/05/07 09:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >
[2010/04/21 02:18:13 | 000,277,597 | ---- | M] () -- C:\WINDOWS\Logs\DirectX.log

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/10/02 15:11:28 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Gabe\NTUSER.DAT

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
[2007/03/26 18:34:12 | 000,052,032 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\BRMD05A.EXE
[2007/01/26 04:06:00 | 000,116,544 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\BRQIKMON.EXE
[2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
[2001/01/19 08:50:20 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\INSTMON.EXE
[2002/04/25 03:38:36 | 000,286,720 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\LEXBCES.EXE
[2000/02/09 01:35:42 | 000,170,496 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lexdrvin.exe
[2000/12/14 09:04:24 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lexgo.EXE
[2002/04/25 03:54:18 | 000,135,168 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lexping.exe
[2002/04/25 03:35:18 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\LEXPPS.EXE
[2002/04/25 03:53:12 | 000,143,360 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbhcfg.exe
[2002/04/25 03:54:58 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbhih.exe
[2002/04/25 04:25:06 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbhJSWX.EXE
[2002/04/25 04:01:22 | 000,520,192 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbhlsnt.exe
[2002/04/25 04:25:46 | 000,098,304 | ---- | M] (Lexmark International) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbhPSWX.EXE
[2002/04/25 05:20:18 | 000,057,856 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbhUN5C.EXE
[2002/04/25 04:02:16 | 000,053,248 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbhweb.exe
[2001/10/31 09:44:18 | 000,311,612 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WAVS.EXE

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >
[2005/12/23 19:12:46 | 000,043,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Annabelle.rpv
[2005/12/23 19:12:46 | 000,080,384 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\CosmicBelt.rpv
[2005/12/23 19:12:46 | 000,007,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Fire.rpv
[2005/12/23 19:12:46 | 000,007,680 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\FreqBands.rpv
[2005/12/23 19:12:46 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\Nebula.rpv

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-14 06:18:59

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

BrownCloud
2010-10-03, 08:49
OTL Extras logfile created on: 10/2/2010 9:51:15 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Gabe\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 271.94 Gb Total Space | 74.84 Gb Free Space | 27.52% Space Free | Partition Type: NTFS
Drive D: | 7.49 Gb Total Space | 0.47 Gb Free Space | 6.32% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive V: | 309.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FINALFANTASYV
Current User Name: Gabe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "C:\Program Files\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57578:TCP" = 57578:TCP:*:Enabled:Pando Media Booster
"57578:UDP" = 57578:UDP:*:Enabled:Pando Media Booster
"58497:TCP" = 58497:TCP:*:Enabled:Pando Media Booster
"58497:UDP" = 58497:UDP:*:Enabled:Pando Media Booster
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{1A8C5BB4-91EB-4AB4-B667-74EC501341B9}" = LightScribe Template Designs - 9 to 5 Pack 1
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33F8EAD4-B6EC-498B-B487-696B973D1C0C}" = Windows Live Messenger
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{37F425CF-C83E-4CA6-9215-181C97C1B842}" = Tunebite
"{382E94C0-6E22-44e4-B003-8EB31DFE296F}" = cp_LightScribeConfig
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{556DF27F-5B74-11D5-B876-004005E12EF1}" = GPSoftware Directory Opus
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{621AF8B2-75D2-4074-BA44-79178A617255}" = Windows Live installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{75C885D4-C758-4896-A3B4-90DA34B44C31}" = BRAdmin Professional 3
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard for Windows
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C0100D9E-2372-45E2-BDA5-BD18F9B03298}" = WNDA3100
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C104580B-1C79-4d73-9BF0-CA0B184296A4}" = cp_LightScribePlugin
"{C3C538E5-524C-4253-AA74-0EEEF34990EA}" = DiscJuggler
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DB457427-E7B9-4252-9217-0DC5FADE980F}" = MapleStory
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DFB0FED6-0010-4E9B-A402-E513F2459161}" = muvee autoProducer unPlugged 1.2
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E7137AFD-4E43-47A6-BDC7-533808F72B36}" = muvee autoProducer 4.5
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FDEC8D4C-FF2B-4F10-BF1E-4AEDCB98D4A9}" = Mediachase Screen Capture
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AOL Instant Messenger" = AOL Instant Messenger
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner
"Diablo II" = Diablo II
"DISCover" = DISCover
"ERUNT_is1" = ERUNT 1.1j
"Fraps" = Fraps
"GOM Player" = GOM Player
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ImTOO 3GP Video Converter" = ImTOO 3GP Video Converter
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"InstallShield_{C0100D9E-2372-45E2-BDA5-BD18F9B03298}" = NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"IntelliMover Data Transfer Demo" = Remove IntelliMover Demo
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.7.0 Full
"Lexmark Z54" = Lexmark Z54
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mihov Picture Downloader" = Mihov Picture Downloader 1.4 (remove only)
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mp3tag" = Mp3tag v2.46a
"MP4 Video Converter 3" = MP4 Video Converter 3
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel(R) PRO Network Connections Drivers
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.89
"SpywareBlaster_is1" = SpywareBlaster 4.2
"The Typing of the Dead" = The Typing of the Dead
"Tunatic" = Tunatic
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPatrol" = WinPatrol 2008
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2010 5:00:27 PM | Computer Name = FINALFANTASYV | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 9/28/2010 5:00:28 PM | Computer Name = FINALFANTASYV | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/28/2010 5:04:12 PM | Computer Name = FINALFANTASYV | Source = Application Error | ID = 1000
Description = Faulting application kbd.exe, version 1.0.2.2, faulting module ole32.dll,
version 5.1.2600.2726, fault address 0x0004d130.

Error - 9/28/2010 5:04:31 PM | Computer Name = FINALFANTASYV | Source = Application Error | ID = 1001
Description = Fault bucket 234113315.

Error - 9/28/2010 5:27:22 PM | Computer Name = FINALFANTASYV | Source = Application Error | ID = 1000
Description = Faulting application kbd.exe, version 1.0.2.2, faulting module ole32.dll,
version 5.1.2600.2726, fault address 0x0004d130.

Error - 9/28/2010 5:55:13 PM | Computer Name = FINALFANTASYV | Source = Application Error | ID = 1000
Description = Faulting application kbd.exe, version 1.0.2.2, faulting module ole32.dll,
version 5.1.2600.2726, fault address 0x0004d130.

Error - 9/29/2010 1:22:08 AM | Computer Name = FINALFANTASYV | Source = Google Update | ID = 20
Description =

Error - 9/29/2010 2:56:58 AM | Computer Name = FINALFANTASYV | Source = Application Error | ID = 1000
Description = Faulting application gom.exe, version 2.1.25.5017, faulting module
gsfu.ax, version 0.0.0.0, fault address 0x0004bf2d.

Error - 10/1/2010 3:26:06 AM | Computer Name = FINALFANTASYV | Source = Application Error | ID = 1000
Description = Faulting application gom.exe, version 2.1.25.5017, faulting module
gsfu.ax, version 0.0.0.0, fault address 0x0004bfba.

Error - 10/2/2010 5:54:17 PM | Computer Name = FINALFANTASYV | Source = Avira AntiVir | ID = 4122
Description = Unable to load file <AVEvtLog>. Returned error code:

[ System Events ]
Error - 9/30/2010 8:19:19 PM | Computer Name = FINALFANTASYV | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 10/1/2010 12:04:19 AM | Computer Name = FINALFANTASYV | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 10/1/2010 3:18:55 AM | Computer Name = FINALFANTASYV | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 10/1/2010 3:20:41 PM | Computer Name = FINALFANTASYV | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 10/1/2010 10:02:40 PM | Computer Name = FINALFANTASYV | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 10/2/2010 1:30:19 AM | Computer Name = FINALFANTASYV | Source = DCOM | ID = 10010
Description = The server {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0} did not register
with DCOM within the required timeout.

Error - 10/2/2010 3:31:41 PM | Computer Name = FINALFANTASYV | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 10/2/2010 5:54:23 PM | Computer Name = FINALFANTASYV | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Lexmark Z54 share name Printer2.

Error - 10/2/2010 5:54:30 PM | Computer Name = FINALFANTASYV | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 10/2/2010 6:13:16 PM | Computer Name = FINALFANTASYV | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2


< End of report >

BrownCloud
2010-10-03, 09:05
I did the OTL scan twice. I don't know if I did the first one right, so I did it again, but that time I did as you instructed me to perfectly. I posted the first OTL logfile only. Would you like the second OTL scan logfile also?

Symptoms:

My computer continues to crash while doing simple activities like watching YouTube, transferring files, or playing MapleStory. The crashes happen abruptly and in this sequence (all in a short instant): the screen freezes first, the cursor freezes afterward, the screen turns black, then the computer either comes out of it and runs fine again or simply reboots itself. It's usually the second one.

My firewall asked me upon logging on if I wanted to allow "getodd.exe" to run. I always blocked this process. I googled it, and from what I gathered it's a form of malware. Of course, I'm not sure. So, I want to ask you: what is it?

oldman960
2010-10-03, 20:57
Hi BrownCloud,


Quote: My firewall asked me upon logging on if I wanted to allow "getodd.exe" to run.

We would need the complete filepath. It may be part of LG's autoupdate.


Let's see if we can get an error code
Click your start button
Right click on My Computer and select properties
Click the Advanced tab
In the Startup and Recovery section click settings
Uncheck Automatically Restart
OK your way out
If an error code is produced when your computer crashes please post the code.


You have some security programs that may interfere with the fixes. Please disable them and leave them disabled until we are done.

WinPatrol

Right-click the running icon of WinPatrol in the system tray and choose exit.


SPYBOT TEATIMER
Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
On the left hand side, click on Tools, then click on the Resident Icon in the list.
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
Click on the "System Startup" icon in the List
Uncheck the "TeaTimer" box and "OK" any prompts.
If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
Exit Spybot S&D when done and reboot your computer.



You also have a program that will give false readings in some of the tools.

Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.



Quote: I did the OTL scan twice. I don't know if I did the first one right, so I did it again, but that time I did as you instructed me to perfectly. I posted the first OTL logfile only. Would you like the second OTL scan logfile also?

Yes please post it.


Go HERE (http://www.gmer.net/) to get a randomly named copy of GMER. Scroll down to the Download section and click Download EXE. Save it to your desktop.

Before scanning with GMER, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Double click on the file you downloaded. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.



In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and post it in your next reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

If GMER will not run in normal windows, please run it in Safe Mode


Please post back with
GMER log
OTL log
Thanks
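While waiting for a bugcheck code, the errors already recorded in the OTL Extras log posted earlier in the thread can be triaged. As an added example (not part of this thread and not OTL's own code), a small Python parser for the "Last 10 Event Log Errors" block groups entries by source and event ID so repeated failures, here the ftsata2 boot-driver load failures and the kbd.exe faults, stand out; the sample log embedded in it is constructed from entries in that post.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample in the layout OTL Extras uses for its "Last 10 Event Log
# Errors" block, modelled on entries from the log posted above (a subset).
SAMPLE_LOG = """\
[ Application Events ]
Error - 9/28/2010 5:04:12 PM | Computer Name = FINALFANTASYV | Source = Application Error | ID = 1000
Description = Faulting application kbd.exe, version 1.0.2.2, faulting module ole32.dll,
version 5.1.2600.2726, fault address 0x0004d130.

Error - 9/28/2010 5:27:22 PM | Computer Name = FINALFANTASYV | Source = Application Error | ID = 1000
Description = Faulting application kbd.exe, version 1.0.2.2, faulting module ole32.dll,
version 5.1.2600.2726, fault address 0x0004d130.

Error - 9/29/2010 1:22:08 AM | Computer Name = FINALFANTASYV | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 9/30/2010 8:19:19 PM | Computer Name = FINALFANTASYV | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 10/1/2010 12:04:19 AM | Computer Name = FINALFANTASYV | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

< End of report >
"""

SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")
HEADER_RE = re.compile(
    r"^Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)$"
)
FAULT_RE = re.compile(r"Faulting application (\S+), .*?faulting module (\S+),")

@dataclass
class EventError:
    log: str          # "Application Events" or "System Events"
    when: datetime
    host: str
    source: str
    event_id: int
    description: str  # wrapped description lines joined into one string

def parse_event_errors(text):
    """Parse the 'Last 10 Event Log Errors' block into EventError records. A wrapped
    description ends at a blank line, the next header/section, or the footer."""
    events, section, lines, i = [], "?", text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        sm = SECTION_RE.match(line)
        if sm:
            section = sm.group("name")
            continue
        hm = HEADER_RE.match(line)
        if not hm:
            continue
        desc = []
        while i < len(lines):
            nxt = lines[i].strip()
            if not nxt or nxt.startswith("<") or HEADER_RE.match(nxt) or SECTION_RE.match(nxt):
                break
            desc.append(nxt)
            i += 1
        description = re.sub(r"^Description\s*=\s*", "", " ".join(desc))
        events.append(EventError(
            section,
            datetime.strptime(hm.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
            hm.group("host"), hm.group("source"), int(hm.group("id")), description))
    return events

def summarize(events):
    """Count entries per (log, source, id) and pull out what a responder checks first
    on a rebooting box: drivers that keep failing (7026) and apps that keep faulting (1000)."""
    counts = Counter((e.log, e.source, e.event_id) for e in events)
    failed_drivers, faults = Counter(), Counter()
    for e in events:
        if e.source == "Service Control Manager" and e.event_id == 7026:
            # Driver names follow the colon; one entry may list several.
            names = e.description.partition("failed to load:")[2]
            failed_drivers.update(names.split())
        elif e.source == "Application Error" and e.event_id == 1000:
            m = FAULT_RE.search(e.description)
            if m:
                faults[(m.group(1), m.group(2))] += 1
    return {"counts": counts, "failed_drivers": failed_drivers, "faults": faults}

if __name__ == "__main__":
    report = summarize(parse_event_errors(SAMPLE_LOG))
    for key, n in report["counts"].most_common():
        print(f"{n:2d}x  {key[0]} / {key[1]} / ID {key[2]}")
    print("drivers failing to load:", dict(report["failed_drivers"]))
    print("repeat application faults:", dict(report["faults"]))
```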

BrownCloud
2010-10-04, 00:47
OTL logfile created on: 10/2/2010 10:08:39 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Gabe\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 271.94 Gb Total Space | 74.79 Gb Free Space | 27.50% Space Free | Partition Type: NTFS
Drive D: | 7.49 Gb Total Space | 0.47 Gb Free Space | 6.32% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive V: | 309.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FINALFANTASYV
Current User Name: Gabe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Gabe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
PRC - C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe (NETGEAR)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe ()
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)
PRC - C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Documents and Settings\Gabe\My Documents\My Pictures\print screen\ScreenCapture.exe (Mediachase LTD)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\arpwrmsg.exe (Microsoft)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Gabe\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\guard32.dll (COMODO)
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)
MOD - C:\Program Files\GPSoftware\Directory Opus\dopushlp.dll (GP Software)
MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (BRA_Scheduler) -- C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe ()
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (jswpsapi) -- C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe ()
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (Trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys File not found
DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys File not found
DRV - (LVRS) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys File not found
DRV - (ftsata2) -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (2WIREPCP) -- C:\WINDOWS\System32\DRIVERS\2WirePCP.sys File not found
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (Inspect) -- C:\WINDOWS\system32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (WNDA3100) -- C:\WINDOWS\system32\drivers\WNDA31.sys (Atheros Communications, Inc.)
DRV - (WlanUIG) -- C:\WINDOWS\system32\drivers\WlanUIG.sys (Conexant Systems, Inc.)
DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam Pro 5000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (CXFALCON) -- C:\WINDOWS\system32\drivers\cxfalcon.sys (Conexant Systems, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (d347prt) -- C:\WINDOWS\system32\drivers\d347prt.sys ( )
DRV - (d347bus) -- C:\WINDOWS\system32\drivers\d347bus.sys ( )
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {E78CD27B-8DC4-477A-94C4-9B777B2F16AF}:1.9.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/03 19:30:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/01 00:37:03 | 000,000,000 | ---D | M]

[2009/02/17 18:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Mozilla\Extensions
[2010/09/01 00:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Mozilla\Firefox\Profiles\bwbn9q91.default\extensions
[2010/04/21 11:57:14 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Documents and Settings\Gabe\Application Data\Mozilla\Firefox\Profiles\bwbn9q91.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2010/09/01 00:38:17 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Gabe\Application Data\Mozilla\Firefox\Profiles\bwbn9q91.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/08/29 08:19:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Gabe\Application Data\Mozilla\Firefox\Profiles\bwbn9q91.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/29 08:18:17 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Gabe\Application Data\Mozilla\Firefox\Profiles\bwbn9q91.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/07/06 00:08:14 | 000,002,068 | ---- | M] () -- C:\Documents and Settings\Gabe\Application Data\Mozilla\Firefox\Profiles\bwbn9q91.default\searchplugins\youtube-downloader.xml
[2010/09/11 10:00:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/14 15:21:31 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/01 00:37:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2009/04/28 22:22:36 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2009/09/16 02:17:53 | 000,292,150 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 rad.msn.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10058 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\NETGEAR\WNDA3100\jswtrayutil.exe File not found
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
O4 - HKCU..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\Gabe\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Gabe\Start Menu\Programs\Startup\Screen Capture.lnk = C:\Documents and Settings\Gabe\Application Data\Microsoft\Installer\{FDEC8D4C-FF2B-4F10-BF1E-4AEDCB98D4A9}\NewShortcut1.3B5A4684_043A_46AC_A320_23AA2F29936E.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gabe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gabe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/23 19:28:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 20:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 12:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0fe66621-14d6-11df-8286-0003c9617689}\Shell\AutoRun\command - "" = L:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{72cccadb-e58d-11dd-8010-00d09e621c5b}\Shell\AutoRun\command - "" = RECYCLER\restore.exe
O33 - MountPoints2\{72cccadb-e58d-11dd-8010-00d09e621c5b}\Shell\open\command - "" = RECYCLER\restore.exe
O33 - MountPoints2\{c8f4af72-e222-11de-8222-0003c9617689}\Shell - "" = AutoRun
O33 - MountPoints2\{c8f4af72-e222-11de-8222-0003c9617689}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c8f4af72-e222-11de-8222-0003c9617689}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe - (Logitech Inc.)
MsConfig - StartUpReg: AVG8_TRAY - hkey= - key= - C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found
MsConfig - StartUpReg: DISCover - hkey= - key= - C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
MsConfig - StartUpReg: DiscUpdateManager - hkey= - key= - C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: HPBootOp - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HPHUPD08 - hkey= - key= - c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe File not found
MsConfig - StartUpReg: IMEKRMIG6.1 - hkey= - key= - C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found
MsConfig - StartUpReg: IS CfgWiz - hkey= - key= - c:\Program Files\Norton Internet Security\cfgwiz.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KBD - hkey= - key= - C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
MsConfig - StartUpReg: Lqurezuquj - hkey= - key= - C:\WINDOWS\oampidr.DLL File not found
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: MSPY2002 - hkey= - key= - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: OutpostFeedBack - hkey= - key= - C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe File not found
MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found
MsConfig - StartUpReg: Qgewehokonip - hkey= - key= - C:\WINDOWS\ogixejowera.DLL File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: URLLSTCK.exe - hkey= - key= - c:\Program Files\Norton Internet Security\UrlLstCk.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

========== Files/Folders - Created Within 90 Days ==========

[2010/10/02 21:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabe\Desktop\GooredFix Backups
[2010/10/02 21:24:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gabe\Desktop\OTL.exe
[2010/10/02 21:23:40 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Gabe\Desktop\GooredFix.exe
[2010/09/28 22:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/28 16:42:15 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Gabe\Desktop\erunt-setup.exe
[2010/09/28 16:02:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gabe\Recent
[2010/09/28 14:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/09/17 02:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/09/01 00:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/01 00:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/29 08:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/08/29 08:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/08/29 08:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/07/28 14:39:28 | 000,057,408 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\wsimd.sys
[2010/07/28 14:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2010/07/28 13:19:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2010/07/28 13:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2010/07/28 13:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2010/07/16 12:27:02 | 000,237,568 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\wlanapi.dll
[2010/07/16 12:26:39 | 000,036,864 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIOApi.dll
[2010/07/14 15:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/07/05 17:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabe\Application Data\vlc
[2010/07/05 17:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2008/05/24 18:02:24 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2008/05/24 18:02:24 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/02 21:24:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gabe\Desktop\OTL.exe
[2010/10/02 21:23:40 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Gabe\Desktop\GooredFix.exe
[2010/10/02 21:22:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/02 21:22:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/02 15:16:26 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/10/02 15:14:32 | 000,000,337 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2010/10/02 15:14:18 | 000,002,380 | ---- | M] () -- C:\Documents and Settings\Gabe\Start Menu\Programs\Startup\Screen Capture.lnk
[2010/10/02 15:13:55 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/02 15:13:17 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/02 15:12:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/02 15:12:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/02 15:12:47 | 1609,023,488 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/02 15:11:28 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Gabe\NTUSER.DAT
[2010/10/02 15:11:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Gabe\ntuser.ini
[2010/10/01 13:00:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/09/30 17:16:28 | 002,111,672 | -H-- | M] () -- C:\Documents and Settings\Gabe\Local Settings\Application Data\IconCache.db
[2010/09/29 19:43:31 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Gabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/09/29 19:43:24 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/29 14:25:19 | 000,019,812 | ---- | M] () -- C:\Documents and Settings\Gabe\My Documents\20100929-142516.png
[2010/09/28 23:14:31 | 000,004,450 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\Attach.zip
[2010/09/28 22:50:09 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Gabe\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/28 22:50:08 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\ERUNT.lnk
[2010/09/28 21:56:44 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/28 21:43:13 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Gabe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/28 16:47:16 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\dds.scr
[2010/09/28 16:42:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Gabe\Desktop\erunt-setup.exe
[2010/09/28 16:01:22 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\CCleaner.lnk
[2010/09/28 01:47:12 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\Revo Uninstaller.lnk
[2010/09/28 00:23:26 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Gabe\My Documents\My Sharing Folders.lnk
[2010/09/24 21:29:32 | 000,000,755 | ---- | M] () -- C:\WINDOWS\ahd3.ini
[2010/09/23 17:16:50 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Gabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/09/23 16:48:01 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/23 07:09:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/13 09:21:39 | 000,001,812 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\Logitech QuickCam.lnk
[2010/09/13 09:21:39 | 000,001,795 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\NETGEAR WNDA3100 Smart Wizard.lnk
[2010/09/13 09:21:39 | 000,001,785 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\LightScribe.lnk
[2010/09/13 09:21:39 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\COMODO Firewall.lnk
[2010/09/13 09:21:39 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Gabe\Desktop\GOM Player.lnk
[2010/08/29 08:17:12 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\Gabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/29 08:17:12 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/28 14:39:17 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100 Smart Wizard.lnk
[2010/07/28 14:39:17 | 000,001,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNDA3100 Smart Wizard.lnk
[2010/07/15 14:43:52 | 000,523,844 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/15 14:43:52 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/15 14:43:52 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/13 21:43:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/07/13 21:43:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/29 19:43:31 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\Gabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/09/29 14:25:19 | 000,019,812 | ---- | C] () -- C:\Documents and Settings\Gabe\My Documents\20100929-142516.png
[2010/09/28 23:14:31 | 000,004,450 | ---- | C] () -- C:\Documents and Settings\Gabe\Desktop\Attach.zip
[2010/09/28 22:50:09 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Gabe\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/28 22:50:08 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\Gabe\Desktop\ERUNT.lnk
[2010/09/28 16:47:16 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Gabe\Desktop\dds.scr
[2010/09/23 16:48:01 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/13 09:21:39 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\Gabe\Desktop\Logitech QuickCam.lnk
[2010/09/13 09:21:39 | 000,001,795 | ---- | C] () -- C:\Documents and Settings\Gabe\Desktop\NETGEAR WNDA3100 Smart Wizard.lnk
[2010/09/13 09:21:39 | 000,001,785 | ---- | C] () -- C:\Documents and Settings\Gabe\Desktop\LightScribe.lnk
[2010/09/13 09:21:39 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\Gabe\Desktop\COMODO Firewall.lnk
[2010/09/13 09:21:39 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Gabe\Desktop\GOM Player.lnk
[2010/08/29 08:17:12 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/28 14:39:17 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100 Smart Wizard.lnk
[2010/07/28 14:39:17 | 000,001,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNDA3100 Smart Wizard.lnk
[2010/07/13 21:43:25 | 000,000,268 | -H-- | C] () -- C:\sqmdata02.sqm
[2010/07/13 21:43:25 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2010/04/20 17:07:00 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 04:43:00 | 000,000,337 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009/12/07 00:07:38 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/12/07 00:07:08 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/12/07 00:07:08 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/12/07 00:06:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/12/07 00:06:06 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/12/07 00:06:03 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/12/07 00:06:03 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/22 15:37:53 | 000,050,127 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/17 03:27:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.8.64263.468_XP_Vista_x32.INI
[2009/02/10 19:09:15 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\Gabe\Application Data\evf
[2009/02/02 19:40:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/22 21:32:57 | 000,000,755 | ---- | C] () -- C:\WINDOWS\ahd3.ini
[2009/01/06 17:43:34 | 1095,193,104 | ---- | C] () -- C:\Program Files\MSSetupv63.exe
[2009/01/02 08:09:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/12/25 18:54:22 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/25 18:54:19 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/25 18:54:19 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/25 18:54:19 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/25 18:54:17 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/06/27 16:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/06/05 17:51:43 | 000,000,391 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2008/05/24 23:28:22 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/05/24 23:28:22 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/05/24 23:28:22 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/05/24 16:50:38 | 000,042,965 | ---- | C] () -- C:\Documents and Settings\Gabe\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2008/05/24 16:50:38 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/05/24 16:50:24 | 000,002,064 | ---- | C] () -- C:\Documents and Settings\Gabe\Application Data\HPSU_48BitScanUpdate.log
[2008/05/24 16:50:24 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008/05/24 16:40:01 | 000,002,795 | ---- | C] () -- C:\Documents and Settings\Gabe\Application Data\PatchUpdate_InstantShareJPG.log
[2008/05/24 16:40:01 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2008/05/24 16:37:54 | 000,027,601 | ---- | C] () -- C:\Documents and Settings\Gabe\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2008/05/24 16:37:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/05/24 09:51:39 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008/05/23 21:45:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxbhlcnp.dll
[2008/05/23 14:29:08 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Gabe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/23 14:16:31 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Gabe\Local Settings\Application Data\fusioncache.dat
[2005/12/23 19:57:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/23 19:36:04 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/12/23 19:31:45 | 000,014,318 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/12/23 19:31:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/12/23 19:29:00 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/12/23 19:25:33 | 000,000,498 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/23 19:20:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/12/23 19:20:29 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/12/23 19:20:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/12/23 19:20:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/12/23 19:20:29 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/12/23 19:20:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/12/23 19:14:24 | 000,000,133 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/12/23 19:13:22 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/12/23 19:02:01 | 000,010,533 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/23 18:57:21 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/23 18:57:21 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/23 18:57:20 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/23 18:57:20 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/23 18:42:21 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/23 18:35:43 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/12/23 18:35:43 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/12/23 18:35:18 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 13:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 00:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/07/26 15:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001/07/06 23:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 03:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/02/22 13:36:39 | 000,000,960 | --S- | C] () -- C:\WINDOWS\System32\argtmp39.dll

========== LOP Check ==========

[2008/05/23 22:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/05/24 11:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GPSoftware
[2009/10/17 05:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2010/04/21 01:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/05/30 02:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/07/28 13:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2010/03/31 12:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/09/28 14:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/04/28 22:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/05/19 19:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2010/04/11 04:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/05/23 23:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/03 00:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2010/05/20 07:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/20 14:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/05/23 23:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Aim
[2009/03/31 22:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Azureus
[2005/12/23 19:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Digital Interactive Systems Corporation
[2008/05/24 11:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\GPSoftware
[2009/10/17 05:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\ijjigame
[2008/05/23 14:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\InterVideo
[2008/05/24 22:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Leadertech
[2010/04/23 19:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Mp3tag
[2008/05/23 15:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\MSNInstaller
[2008/05/31 13:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Nexon
[2008/12/14 21:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\Uniblue
[2008/05/24 16:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\WinBatch
[2009/02/11 23:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabe\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/12/23 19:28:21 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/02/26 05:12:59 | 000,156,557 | ---- | M] () -- C:\az.log
[2008/05/23 15:14:12 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010/06/11 20:49:02 | 000,000,279 | -HS- | M] () -- C:\boot.ini
[2004/08/10 06:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2005/08/31 05:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/04/04 02:35:56 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2005/12/23 19:30:51 | 000,000,000 | ---- | M] () -- C:\FailKeys.log
[2010/10/02 15:12:47 | 1609,023,488 | -HS- | M] () -- C:\hiberfil.sys
[2008/05/25 03:53:13 | 000,001,128 | ---- | M] () -- C:\HighLogging.log
[2009/10/17 07:13:11 | 000,002,384 | ---- | M] () -- C:\ijjiFFPlugin.log
[2005/08/31 05:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/08/31 05:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/10 06:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/10/02 15:12:41 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2005/12/23 19:30:51 | 000,000,121 | ---- | M] () -- C:\PassKeys.log
[2008/10/17 07:17:50 | 000,000,000 | ---- | M] () -- C:\Path.txt
[2008/11/12 09:23:43 | 000,081,964 | ---- | M] () -- C:\Response1.wav
[2008/11/12 09:24:01 | 000,081,964 | ---- | M] () -- C:\Response2.wav
[2008/11/12 09:24:17 | 000,245,804 | ---- | M] () -- C:\Response3.wav
[2008/11/12 09:24:33 | 000,245,804 | ---- | M] () -- C:\Response4.wav
[2008/11/12 09:24:56 | 000,491,564 | ---- | M] () -- C:\Response5.wav
[2010/04/23 19:14:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/05/10 00:16:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/07/13 21:43:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/04/23 19:14:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/05/10 00:16:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/07/13 21:43:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

BrownCloud
2010-10-04, 00:48
< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/31 05:01:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2002/04/25 04:24:12 | 000,077,824 | ---- | M] (Lexmark International) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxbhPP5C.DLL
[2003/06/19 01:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/01/06 18:20:52 | 1095,193,104 | ---- | M] () -- C:\Program Files\MSSetupv63.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/30 21:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/30 21:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/30 21:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2005/08/31 05:02:10 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/05/23 14:16:41 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Gabe\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/08/31 05:06:40 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Gabe\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/09/28 16:42:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Gabe\Desktop\erunt-setup.exe
[2010/10/02 21:23:40 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Gabe\Desktop\GooredFix.exe
[2010/10/02 21:24:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gabe\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/05/23 14:16:40 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Gabe\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2009/02/17 17:41:56 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Gabe\Cookies\desktop.ini
[2010/10/02 21:54:38 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Gabe\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >
[2004/10/13 16:24:38 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1998/05/07 09:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[12 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2002/12/06 20:10:40 | 000,002,238 | ---- | M] () -- C:\WINDOWS\system32\doc.ico
[12 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system\*.dat >
[2010/10/02 15:16:26 | 000,000,188 | ---- | M] () -- C:\WINDOWS\system\hpsysdrv.DAT

< %systemroot%\system\*.exe >
[1998/05/07 09:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >
[2010/04/21 02:18:13 | 000,277,597 | ---- | M] () -- C:\WINDOWS\Logs\DirectX.log

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/10/02 15:11:28 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Gabe\NTUSER.DAT

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
[2007/03/26 18:34:12 | 000,052,032 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\BRMD05A.EXE
[2007/01/26 04:06:00 | 000,116,544 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\BRQIKMON.EXE
[2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
[2001/01/19 08:50:20 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\INSTMON.EXE
[2002/04/25 03:38:36 | 000,286,720 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\LEXBCES.EXE
[2000/02/09 01:35:42 | 000,170,496 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lexdrvin.exe
[2000/12/14 09:04:24 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lexgo.EXE
[2002/04/25 03:54:18 | 000,135,168 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lexping.exe
[2002/04/25 03:35:18 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\LEXPPS.EXE
[2002/04/25 03:53:12 | 000,143,360 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbhcfg.exe
[2002/04/25 03:54:58 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbhih.exe
[2002/04/25 04:25:06 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbhJSWX.EXE
[2002/04/25 04:01:22 | 000,520,192 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbhlsnt.exe
[2002/04/25 04:25:46 | 000,098,304 | ---- | M] (Lexmark International) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbhPSWX.EXE
[2002/04/25 05:20:18 | 000,057,856 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbhUN5C.EXE
[2002/04/25 04:02:16 | 000,053,248 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbhweb.exe
[2001/10/31 09:44:18 | 000,311,612 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WAVS.EXE

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >
[2005/12/23 19:12:46 | 000,043,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Annabelle.rpv
[2005/12/23 19:12:46 | 000,080,384 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\CosmicBelt.rpv
[2005/12/23 19:12:46 | 000,007,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Fire.rpv
[2005/12/23 19:12:46 | 000,007,680 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\FreqBands.rpv
[2005/12/23 19:12:46 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\Nebula.rpv

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-14 06:18:59

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

BrownCloud
2010-10-04, 01:04
Ugh... While opening the gmer screenshot, my computer just automatically rebooted with a blue screen saying:

Stop: c000021a {Fatal System Error}
The Windows Logon Process system process terminated unexpectedly with a status of 0xx00000005
(0x00000000 0x00000000)
The System has been shut down.

Sometimes my computer reboots when opening a new tab in my browser. I'll be doing the gmer scan now.

BrownCloud
2010-10-04, 02:37
... computer rebooted ...

same blue-screen-of-death notice

I'll try again w/o safe mode. If it reboots again, I'll try your scan with safe mode.

oldman960
2010-10-04, 04:55
Hi BrownCloud,

Thanks for the update. Post the log if you get it.

BrownCloud
2010-10-04, 08:41
That took a while... I ran the scan on safe mode. It didn't reboot, but it didn't look like it did much of anything. Look at the log yourself. =.= When I scanned w/o safe mode a LONGGGGG list of stuff scrolled down for about an hour and a half before the computer rebooted. I don't get what this was supposed to do. It felt like a waste of time because the results weren't at all consistent.

So, is this what you wanted?

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-03 22:04:23
Windows 5.1.2600 Service Pack 2
Running: 9hi1grli.exe; Driver: C:\DOCUME~1\Gabe\LOCALS~1\Temp\uxlcrkog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs BA951400

---- EOF - GMER 1.0.15 ----

BrownCloud
2010-10-04, 10:00
I've tried to run the GMER scan several times without safe mode, and it has rebooted every time very quickly.

I've been getting this blue screen:

Technical information

*STOP: 0x000000F4 (0X00000005, 0X8A1B7858, 0X8A1B79CC, 0X8050120A)


Also you asked for error reports upon logging on. I've attached screen shots of the error reports:


C:\DOCUME~1\Gabe\LOCALS~1\Temp\WER804d.dir00\Mini100310-01.dmp
C:\DOCUME~1\Gabe\LOCALS~1\Temp\WER804d.dir00\sysdata.xml


C:\DOCUME~1\Gabe\LOCALS~1\Temp\WER5495.dir00\Mini100310-02.dmp
C:\DOCUME~1\Gabe\LOCALS~1\Temp\WER5495.dir00\sysdata.xml

BrownCloud
2010-10-04, 10:03
I'm considering reformatting my HDD. Each reboot scares me further that it'll be the last reboot. I have most of my data backed up. Would this be a good decision?

oldman960
2010-10-04, 11:22
Hi BrownCloud,

What the GMER log showed was that there isn't any rootkit activity, at least not rootkit activity that GMER could detect. GMER is a very good tool, BTW.

The first error code you posted generally means "Access denied". This can be from either malware or, in your case, simply because IE6 doesn't have the latest service packs. The later one you posted points to a hardware problem.

Before attempting a fix we need to know as much as possible about what is going on with your computer. We need to rule things out. Unfortunately that may mean what you feel are unnecessary scans. Trust me, running a scan is far better than blindly fixing and ending up with an unbootable computer.

A reformat and reinstall is always an option. However if it is a hardware problem that won't help.

Before we see if updating your IE will help let's look at the usual suspects in the case of infection.


Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, click the None button near the top (it may look greyed out)

In the window under Custom Scans/Fixes copy and paste the following


/md5start
csrss.exe
winlogon.exe
/md5stop



Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

BrownCloud
2010-10-04, 12:19
That's true. Let's just hope no more reboots.

OTL logfile created on: 10/4/2010 2:11:34 AM - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Gabe\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 271.94 Gb Total Space | 71.04 Gb Free Space | 26.12% Space Free | Partition Type: NTFS
Drive D: | 7.49 Gb Total Space | 0.47 Gb Free Space | 6.32% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FINALFANTASYV
Current User Name: Gabe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Custom Scans ==========



< MD5 for: CSRSS.EXE >
[2008/04/13 17:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\SDold\Download\e9500597a78495f397efb821e37bf356\csrss.exe
[2008/04/13 17:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\csrss.exe
[2004/08/10 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\system32\csrss.exe
[2004/08/10 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/10 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SDold\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
< End of report >
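
The md5 scan above compares the copy of each system binary that actually runs (in system32) against the copy Windows File Protection keeps in system32\dllcache. Here is that comparison done over the log text, as an added example that is not part of this thread and not OTL's own code. The log text it parses is constructed in OTL's format: the csrss.exe and winlogon.exe lines copy the values posted above; the svchost.exe lines are invented so that the mismatch path is exercised (the hashes 0000...0001 and 0000...0002 are placeholders, not real values).

```python
"""Cross-check the MD5 lines from an OTL "/md5start ... /md5stop" scan.

Added example; not part of the thread or of OTL.  SAMPLE_OTL_LOG is
constructed: csrss.exe and winlogon.exe copy the posted values, svchost.exe
is an invented entry whose live copy differs from its dllcache copy.
"""
import re
from collections import defaultdict

# One OTL md5 line:  [date time | size | attrs | M] (Company) MD5=HEX -- path
OTL_MD5_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)

SAMPLE_OTL_LOG = r"""
< MD5 for: CSRSS.EXE >
[2008/04/13 17:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\csrss.exe
[2004/08/10 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\system32\csrss.exe
[2004/08/10 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\system32\dllcache\csrss.exe
< MD5 for: WINLOGON.EXE >
[2004/08/10 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/10 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: SVCHOST.EXE >
[2010/09/20 11:02:00 | 000,014,336 | ---- | M] () MD5=00000000000000000000000000000001 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000002 -- C:\WINDOWS\system32\dllcache\svchost.exe
"""


def parse_otl_md5(text):
    """Return one dict per MD5 line; section headers and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = OTL_MD5_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["md5"] = e["md5"].upper()
        e["size"] = int(e["size"].replace(",", ""))
        e["path"] = e["path"].strip()
        e["company"] = e["company"].strip()
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        entries.append(e)
    return entries


def classify(entries):
    """Compare each live system32 binary against its dllcache copy.

    Verdicts: OK, MISMATCH (hash or size differs), NO_DLLCACHE_COPY, NO_LIVE_COPY.
    Copies elsewhere (SoftwareDistribution\\Download, SDold) are staged update
    payloads, not what the system executes, so they are ignored here.
    """
    copies = defaultdict(dict)
    for e in entries:
        p = e["path"].lower()
        if "\\system32\\dllcache\\" in p:
            copies[e["name"]]["cache"] = e
        elif "\\system32\\" in p:
            copies[e["name"]]["live"] = e
    verdicts = {}
    for name, c in copies.items():
        live, cache = c.get("live"), c.get("cache")
        if live is None:
            verdicts[name] = "NO_LIVE_COPY"
        elif cache is None:
            verdicts[name] = "NO_DLLCACHE_COPY"
        elif live["md5"] != cache["md5"] or live["size"] != cache["size"]:
            verdicts[name] = "MISMATCH"
        else:
            verdicts[name] = "OK"
    return verdicts


def suspicious(entries, verdicts):
    """Names worth a closer look: a mismatch, or a live copy with no CompanyName
    in its version resource (stock Microsoft binaries normally carry one)."""
    flagged = {n for n, v in verdicts.items() if v == "MISMATCH"}
    for e in entries:
        p = e["path"].lower()
        if "\\system32\\" in p and "\\dllcache\\" not in p and not e["company"]:
            flagged.add(e["name"])
    return sorted(flagged)


if __name__ == "__main__":
    ents = parse_otl_md5(SAMPLE_OTL_LOG)
    verd = classify(ents)
    for n, v in sorted(verd.items()):
        print(f"{n:14s} {v}")
    print("look closer at:", suspicious(ents, verd))
```

Two caveats when reading a result like this. A match between system32 and dllcache is necessary but not sufficient: malware that replaces a system binary can replace the dllcache copy too, so a clean verdict should be confirmed against a hash from a known-good install of the same service pack. And the 2008-dated copies under SoftwareDistribution\Download are a newer build staged by Windows Update but never installed, which is consistent with the box still running SP2; they are not evidence of tampering.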

oldman960
2010-10-05, 02:16
Hi BrownCloud,

Interesting: your logs show IE6 as your browser, but the uninstall list shows IE7 as being installed. How long ago did you install IE7? Do you use FireFox as your main browser?

Any symptoms such as redirects?

Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :


:Services

:OTL
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
FF - prefs.js..extensions.enabledItems: {E78CD27B-8DC4-477A-94C4-9B777B2F16AF}:1.9.1
O33 - MountPoints2\{72cccadb-e58d-11dd-8010-00d09e621c5b}\Shell\AutoRun\command - "" = RECYCLER\restore.exe
O33 - MountPoints2\{72cccadb-e58d-11dd-8010-00d09e621c5b}\Shell\open\command - "" = RECYCLER\restore.exe
DRV - (Trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys File not found
DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys File not found
MsConfig - StartUpReg: AVG8_TRAY - hkey= - key= - C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found
MsConfig - StartUpReg: IS CfgWiz - hkey= - key= - c:\Program Files\Norton Internet Security\cfgwiz.exe File not found
MsConfig - StartUpReg: Lqurezuquj - hkey= - key= - C:\WINDOWS\oampidr.DLL File not found
MsConfig - StartUpReg: Qgewehokonip - hkey= - key= - C:\WINDOWS\ogixejowera.DLL File not found
MsConfig - StartUpReg: URLLSTCK.exe - hkey= - key= - c:\Program Files\Norton Internet Security\UrlLstCk.exe File not found

:Commands
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

Thanks

BrownCloud
2010-10-05, 05:02
Yeah, I use Firefox as my normal browser. I never use IE. I tried to remove it a few times because my experiences with it have been dreadful, but I can't even get rid of it. Lame.

You wanted an OTL fix log, but it never created one. It only prompted me that I needed to reboot after it finished.

BrownCloud
2010-10-05, 05:07
Nevermind. I opened the OTL.exe and this log popped up.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Prefs.js: {E78CD27B-8DC4-477A-94C4-9B777B2F16AF}:1.9.1 removed from extensions.enabledItems
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72cccadb-e58d-11dd-8010-00d09e621c5b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72cccadb-e58d-11dd-8010-00d09e621c5b}\ not found.
File C:\RECYCLER\restore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72cccadb-e58d-11dd-8010-00d09e621c5b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72cccadb-e58d-11dd-8010-00d09e621c5b}\ not found.
File C:\RECYCLER\restore.exe not found.
Error: No service named Trufos was found to stop!
Unable to delete service\driver key Trufos.
File C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys File not found not found.
Error: No service named Profos was found to stop!
Unable to delete service\driver key Profos.
File C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AVG8_TRAY\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\IS CfgWiz\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Lqurezuquj\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Qgewehokonip\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\URLLSTCK.exe\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 83 bytes

User: Fourth Window
->Temp folder emptied: 24163556 bytes
->Temporary Internet Files folder emptied: 3982388 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56923991 bytes
->Flash cache emptied: 2744 bytes

User: Gabe
->Temp folder emptied: 134783159 bytes
->Temporary Internet Files folder emptied: 452615 bytes
->Java cache emptied: 11246 bytes
->FireFox cache emptied: 47386078 bytes
->Google Chrome cache emptied: 67659302 bytes
->Flash cache emptied: 14743 bytes

User: HP_Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3640996 bytes
->Flash cache emptied: 300 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 11071684 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 112352095 bytes

User: secondwindow
->Temp folder emptied: 34648799 bytes
->Temporary Internet Files folder emptied: 1669454 bytes
->FireFox cache emptied: 80293056 bytes
->Flash cache emptied: 2841 bytes

User: TEMP

User: thirdwindow
->Temp folder emptied: 20529243 bytes
->Temporary Internet Files folder emptied: 794032 bytes
->FireFox cache emptied: 81179233 bytes
->Flash cache emptied: 3256 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 6829073 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115379569 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 31285 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2476 bytes

Total Files Cleaned = 767.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10042010_184525

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

BrownCloud
2010-10-05, 05:17
My youtube isn't working after that OTL fix. Is that supposed to happen?

BrownCloud
2010-10-05, 07:51
Never mind about the youtube. It's fine now.

oldman960
2010-10-05, 15:59
Hi BrownCloud,

Nothing we did should have affected YouTube. What did you need to do to get it to work again?

You have some interesting usernames, secondwindow, for example. Are these legitimate accounts?

IE can't be uninstalled; it's part of XP. You need it to access some Microsoft sites such as their Update site. Were you trying to use Revo Uninstaller to remove it?

Please download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.

Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
If nothing unusual is found, just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

Thanks

BrownCloud
2010-10-06, 01:43
Basically, I did nothing. It just started working again. The YouTube site wasn't working on my computer, but it was on my brother's. What loaded was like a skeleton of the site. It showed a picture of each video, but nothing was playable. And all the text and background had a lackluster. Kind of hard to explain. I rebooted, but it stayed in the same state. I did nothing. Just after a while it was working again.

There's nothing unusual about the user names. I just have multiple users.

My computer is running on Windows XP, btw.




MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000007bc

Kernel Drivers (total 143):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xBADA8000 \WINDOWS\system32\KDCOM.DLL
0xBACB8000 \WINDOWS\system32\BOOTVID.dll
0xBA779000 ACPI.sys
0xBADAA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xBA768000 pci.sys
0xBA8A8000 isapnp.sys
0xBA8B8000 ohci1394.sys
0xBA8C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBAE70000 pciide.sys
0xBAB28000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBADAC000 viaide.sys
0xBADAE000 intelide.sys
0xBA8D8000 MountMgr.sys
0xBA749000 ftdisk.sys
0xBADB0000 dmload.sys
0xBA723000 dmio.sys
0xBAB30000 PartMgr.sys
0xBA8E8000 VolSnap.sys
0xBA64E000 iaStor.sys
0xBA636000 atapi.sys
0xBA8F8000 disk.sys
0xBA908000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xBA616000 fltMgr.sys
0xBA604000 sr.sys
0xBA918000 PxHelp20.sys
0xBA5ED000 KSecDD.sys
0xBA560000 Ntfs.sys
0xBA54B000 inspect.sys
0xBA51E000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xBAB38000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xBA503000 Mup.sys
0xBA948000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA968000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBAC78000 \SystemRoot\system32\DRIVERS\aracpi.sys
0xB9BF4000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9BE0000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9BBB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBAC80000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9B98000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBAC88000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9B7F000 \SystemRoot\system32\drivers\cxfalcon.sys
0xB9B5C000 \SystemRoot\system32\drivers\ks.sys
0xB9A50000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xBAC90000 \SystemRoot\System32\Drivers\Modem.SYS
0xB99FA000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA988000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBAC98000 \SystemRoot\system32\DRIVERS\PS2.sys
0xBACA0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBAE04000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
0xBA998000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA4BB000 \SystemRoot\system32\drivers\pfc.sys
0xBA9A8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA9B8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBACA8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA197000 \SystemRoot\system32\DRIVERS\arpolicy.sys
0xBAE0A000 \SystemRoot\system32\DRIVERS\serscan.sys
0xBA9D8000 \SystemRoot\system32\DRIVERS\jswscimd.sys
0xBA9F8000 \SystemRoot\system32\drivers\tbhsd.sys
0xB99D8000 \SystemRoot\system32\drivers\portcls.sys
0xBAA08000 \SystemRoot\system32\drivers\drmk.sys
0xBAF40000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBAA78000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA18B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB99C1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBAA88000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBAA98000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB99B0000 \SystemRoot\system32\DRIVERS\psched.sys
0xBAAA8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBACB0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBAB48000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB997F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBAAB8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBAB70000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBAE2A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9926000 \SystemRoot\system32\DRIVERS\update.sys
0xBA177000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBAAC8000 \SystemRoot\system32\DRIVERS\wsimd.sys
0xBAB08000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB6F86000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB9F82000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBAE48000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB2E85000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xBAE60000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBAFB0000 \SystemRoot\System32\Drivers\Null.SYS
0xBAE62000 \SystemRoot\System32\Drivers\Beep.SYS
0xBABD8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBABE0000 \SystemRoot\System32\drivers\vga.sys
0xBAE64000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBAE66000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBABE8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBABF0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB6F16000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB2E52000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB2DFA000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBABF8000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xB2DD9000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB2D89000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB9F32000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB2D67000 \SystemRoot\System32\drivers\afd.sys
0xB9F22000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBAC00000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB2D3C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB2CCD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB9F12000 \SystemRoot\System32\Drivers\Fips.SYS
0xB2C11000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xB9F02000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBAE6A000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xB2BC6000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB6EDE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA978000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBAC10000 \SystemRoot\system32\DRIVERS\arhidfltr.sys
0xBA9C8000 \SystemRoot\system32\DRIVERS\IrBus.sys
0xBAC18000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBAC20000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB6ECA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBADC2000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
0xBAC28000 \SystemRoot\system32\DRIVERS\hidir.sys
0xB6F32000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB2B3E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBADD6000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB2DD5000 \SystemRoot\System32\drivers\Dxapi.sys
0xBAC48000 \SystemRoot\System32\watchdog.sys
0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
0xBAF7D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D6000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA4521000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA44E5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA395D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA3740000 \SystemRoot\system32\drivers\wdmaud.sys
0xA386D000 \SystemRoot\system32\drivers\sysaudio.sys
0xA265B000 \SystemRoot\System32\Drivers\HTTP.sys
0xA2514000 \SystemRoot\system32\DRIVERS\srv.sys
0xA2623000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBADC6000 \SystemRoot\system32\drivers\MSPQM.sys
0xA2170000 \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
0xBAB78000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xA167D000 \??\C:\WINDOWS\system32\DNINDIS5.SYS
0x9E87F000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 68):
0 System Idle Process
4 System
660 C:\WINDOWS\system32\smss.exe
1328 csrss.exe
1352 C:\WINDOWS\system32\winlogon.exe
1396 C:\WINDOWS\system32\services.exe
1408 C:\WINDOWS\system32\lsass.exe
1576 C:\WINDOWS\system32\svchost.exe
1640 svchost.exe
1680 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1704 C:\WINDOWS\system32\svchost.exe
1816 svchost.exe
1912 svchost.exe
232 C:\WINDOWS\system32\LEXBCES.EXE
288 C:\WINDOWS\system32\spoolsv.exe
608 C:\WINDOWS\system32\LEXPPS.EXE
596 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
732 C:\WINDOWS\system32\acs.exe
760 C:\Program Files\Avira\AntiVir Desktop\sched.exe
772 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
896 svchost.exe
1516 C:\WINDOWS\explorer.exe
1200 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1320 C:\WINDOWS\arservice.exe
1520 C:\Program Files\Bonjour\mDNSResponder.exe
1788 C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
1264 C:\WINDOWS\ehome\ehrecvr.exe
1964 C:\WINDOWS\ehome\ehSched.exe
2392 C:\Program Files\Java\jre6\bin\jqs.exe
2612 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2820 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2880 C:\WINDOWS\system32\nvsvc32.exe
2900 C:\WINDOWS\arpwrmsg.exe
2920 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
2960 C:\Program Files\CyberLink\Shared files\RichVideo.exe
2996 svchost.exe
3092 C:\WINDOWS\system32\svchost.exe
3196 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3540 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
3716 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3772 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
3900 C:\WINDOWS\system32\rundll32.exe
4004 C:\Program Files\UPHClean\uphclean.exe
628 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
1924 mcrdsvc.exe
1172 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
1900 C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
2060 C:\Program Files\lg_fwupdate\fwupdate.exe
2552 <unknown>
928 C:\hp\KBD\kbd.exe
2828 C:\Program Files\GPSoftware\Directory Opus\dopus.exe
2864 C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
2936 C:\WINDOWS\system32\ctfmon.exe
3576 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4032 C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
2300 C:\Documents and Settings\Gabe\My Documents\My Pictures\print screen\ScreenCapture.exe
2680 C:\WINDOWS\system32\dllhost.exe
2088 alg.exe
3416 C:\WINDOWS\system32\svchost.exe
5620 C:\WINDOWS\system32\wuauclt.exe
5812 C:\WINDOWS\RTHDCPL.EXE
3308 C:\WINDOWS\system\hpsysdrv.exe
5608 C:\Program Files\iTunes\iTunesHelper.exe
5516 C:\Program Files\iPod\bin\iPodService.exe
5336 C:\Program Files\Real\RealPlayer\realplay.exe
5528 C:\Program Files\Mozilla Firefox\firefox.exe
2024 C:\WINDOWS\system32\wscntfy.exe
4996 C:\Documents and Settings\Gabe\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`e075a800 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: <error opening>

Size Device Name MBR Status
--------------------------------------------
ERROR Opening: \\.\PhysicalDrive0 (5)


Done!

oldman960
2010-10-06, 08:16
Hi BrownCloud,

The YouTube problem wasn't really a YouTube problem, it was FireFox. Sometimes when you empty the caches FireFox will not display some pages correctly. It's just temporary. Should this happen again, whether while we are cleaning this machine or down the road, just refresh the page a couple of times.

There may be a problem with the MBR so we'll try to get a dump of the file. Please note that the log produced must be attached.

Please download MBR.exe (http://www2.gmer.net/mbr/mbr.exe) and save it to your desktop. Do not run it.

Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.

Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE



"%userprofile%\Desktop\MBR.exe" -c 0 1 MBR_backup.dat


In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "scan.bat"
Click save


You should now have a file on your desktop named scan.bat with an icon that looks like gears.

Double click on it to run it. A file named MBR_backup.dat will appear on your desktop. Please attach it to your next reply.



An unknown was also detected.

Please download Rootkit Unhooker (http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE) ... Save it to your Desktop.
Note: The log can be very long, you may need to post it separately.

Double-click on RKUnhookerLE.exe to execute it.
Click the Report tab, then click Scan.
Check Drivers, Stealth Code, Files and Code Hooks. Uncheck the rest, then click OK. (See image below...)
http://i526.photobucket.com/albums/cc345/MPKwings/RKUcheck-1.gif
The scanning will toggle through the checked items "tabs" ... it will take a while, so please be patient.
When the scanner is finished... click File, Save Report.
Save the file "Report.txt" to your Desktop... Press Close... then press Yes
Copy the entire contents of the Report.txt file into your next reply.


Please Note:
You may get this warning, it is ok, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Please post back with
MBR_backup.dat (attached)
RKUnhooker log
Thanks

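Added example (my code, not oldman960's and not part of GMER's mbr.exe or MBRCheck): once the batch file above has produced MBR_backup.dat, the 512-byte sector can be checked offline instead of being eyeballed in a hex editor. The script below parses the partition table, verifies the 0x55AA boot signature, hashes the bootstrap code so it can be compared with a dump from a known-clean XP install, and maps the volume offsets MBRCheck printed earlier in the thread (C: at 0x00000001`e075a800, D: at 0x00000000`00007e00, the backtick being MBRCheck's way of splitting a 64-bit value) onto partition slots. A volume with no matching slot means the mounted volumes and the on-disk table disagree, which is the kind of discrepancy an MBR bootkit produces. The script name, the sample sector and its sector counts are constructed for illustration; the user's real dump was never posted, and MBRCheck itself could not read the disk (error 5 is ERROR_ACCESS_DENIED).

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 0x1BE
ENTRY_SIZE = 16
BOOT_SIGNATURE = 0x55AA

# Partition type IDs one expects on an XP-era disk like the one in this thread.
PARTITION_TYPES = {
    0x05: "Extended", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)", 0x82: "Linux swap", 0x83: "Linux",
}


def parse_mbr(sector: bytes) -> dict:
    """Parse one raw 512-byte sector as written by `mbr.exe -c 0 1 <file>`."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    signature = struct.unpack_from(">H", sector, SECTOR_SIZE - 2)[0]
    partitions = []
    for slot in range(4):
        off = PARTITION_TABLE_OFFSET + slot * ENTRY_SIZE
        # Entry: boot flag, 3-byte CHS start, type, 3-byte CHS end, LBA start, sector count.
        flag, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue  # unused slot
        partitions.append({
            "slot": slot,
            "bootable": flag == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, f"unknown (0x{ptype:02X})"),
            "lba_start": lba,
            "byte_offset": lba * SECTOR_SIZE,
            "sectors": count,
        })
    return {
        "signature_ok": signature == BOOT_SIGNATURE,
        # SHA-256 of the bootstrap code; compare with a dump taken from a known-clean XP install.
        "bootcode_sha256": hashlib.sha256(sector[:PARTITION_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def parse_mbrcheck_offset(text: str) -> int:
    """Convert MBRCheck's 0x00000001`e075a800 notation to an integer byte offset."""
    return int(text.replace("`", ""), 16)


def match_mbrcheck_volumes(mbr: dict, volumes: dict) -> dict:
    """Map each drive letter MBRCheck listed to the slot whose start matches its offset (None = no match)."""
    by_offset = {p["byte_offset"]: p["slot"] for p in mbr["partitions"]}
    return {letter: by_offset.get(parse_mbrcheck_offset(off)) for letter, off in volumes.items()}


def build_sample_mbr() -> bytes:
    """Constructed sample sector, NOT the user's dump. Entries mirror the two volumes
    MBRCheck reported: FAT32 at LBA 63 (0x7E00) and NTFS at LBA 15743700 (0x1E075A800).
    Sector counts are made up."""
    sector = bytearray(SECTOR_SIZE)
    # Stand-in bootstrap prologue: xor ax,ax / mov ss,ax / mov sp,7C00h / sti
    sector[:8] = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB"
    entries = [(0x00, 0x0B, 63, 15743637), (0x80, 0x07, 15743700, 200000000)]
    for slot, (flag, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, PARTITION_TABLE_OFFSET + slot * ENTRY_SIZE,
                         flag, ptype, lba, count)
    struct.pack_into(">H", sector, SECTOR_SIZE - 2, BOOT_SIGNATURE)
    return bytes(sector)


if __name__ == "__main__":
    # Usage: python mbr_table.py [MBR_backup.dat]; with no argument the constructed sample is used.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(raw)
    print("boot signature ok:", info["signature_ok"])
    print("bootcode sha256  :", info["bootcode_sha256"])
    for p in info["partitions"]:
        mark = "*" if p["bootable"] else " "
        print(f"slot {p['slot']} {mark} {p['type_name']:<14} LBA {p['lba_start']:>10} offset 0x{p['byte_offset']:X}")
    # Volume offsets copied from the MBRCheck output earlier in this thread.
    print(match_mbrcheck_volumes(info, {"C:": "0x00000001`e075a800", "D:": "0x00000000`00007e00"}))
```

A signature mismatch, a partition type the table does not recognise, or a drive letter that maps to None are each reasons to look harder at the dump; a clean-looking table does not prove the bootstrap code is clean, which is why the hash of the first 446 bytes is printed for comparison.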
BrownCloud
2010-10-06, 12:54
The scan.bat did not create a file named: MBR Backup.dat. Instead, it created mbr.log. I attached it to this post anyways.

Also, are you sure you want me to copy paste all of the Report.txt to you as posts? It'll take a ton of posts... sigh... well, whatever you say. =.=

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0xB6FB4000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4161536 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBF9D6000 C:\WINDOWS\System32\nv4_disp.dll 3911680 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 77.79 )
0xB9BE0000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3203072 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 77.79 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2142208 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2142208 bytes
0x804D7000 RAW 2142208 bytes
0x804D7000 WMIxWDM 2142208 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9A3C000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1097728 bytes (Agere Systems, SoftModem Device Driver)
0xBA64E000 iaStor.sys 872448 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xBA560000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB2B84000 C:\WINDOWS\system32\DRIVERS\WNDA31.sys 458752 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0xB2CFB000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9954000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xB2E28000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAF088000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAF219000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB2EB3000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 233472 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0xB99AD000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xBA779000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xBA51E000 C:\WINDOWS\System32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB0E3B000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xAC0EC000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB2D6A000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB2DD8000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xBA723000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB9BA7000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB2BF4000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9B48000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB9B84000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB2D95000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB9A06000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB2DB7000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806E2000 ACPI_HAL 134400 bytes
0x806E2000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xBA616000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xBA749000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB2C3F000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 114688 bytes (Avira GmbH, Avira Driver for RootKit Detection)
0xBA503000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9B6B000 C:\WINDOWS\system32\drivers\cxfalcon.sys 102400 bytes (Conexant Systems, Inc., Conexant Falcon Driver)
0xBA636000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB2B6C000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xBA5ED000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB99EF000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xBA54B000 inspect.sys 86016 bytes (COMODO, COMODO Internet Security Firewall Driver)
0xB0D36000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB1A27000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 81920 bytes (Avira GmbH, Avira Minifilter Driver)
0xB9A28000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9BCC000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB2E80000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF9C4000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBA604000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xBA768000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB99DE000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB0EA7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA948000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA978000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBAA78000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBAA48000 C:\WINDOWS\system32\DRIVERS\jswscimd.sys 61440 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
0xBA8B8000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBAA28000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB0EB7000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB9F0E000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBAB18000 C:\WINDOWS\system32\DRIVERS\wsimd.sys 61440 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
0xBA8C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBAA18000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA908000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA9F8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBAAD8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA8E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA9A8000 C:\WINDOWS\system32\DRIVERS\IrBus.sys 49152 bytes (Microsoft Corporation, USB Consumer IR Driver for eHome)
0xB9F5E000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBAA68000 C:\WINDOWS\system32\drivers\tbhsd.sys 49152 bytes (RapidSolution Software AG, Tunebite High-Speed Dubbing)
0xBAA08000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA8D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBAAE8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB9F4E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBAB08000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA8F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA968000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA998000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA9D8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA8A8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBAAF8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA958000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAE936000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA918000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB9EEE000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBAC98000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBABE8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBAC30000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBABD8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBAB28000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBAC90000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBAC20000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBAC80000 C:\WINDOWS\system32\DRIVERS\aracpi.sys 24576 bytes (Microsoft Corporation, Microsoft AR ACPI Driver (Beta 2 Release 2))
0xBACB0000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBACA8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB1A93000 C:\DOCUME~1\Gabe\LOCALS~1\Temp\mbr.sys 24576 bytes
0xBAB80000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBAC00000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xBABF0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBAC18000 C:\WINDOWS\system32\DRIVERS\arhidfltr.sys 20480 bytes (Microsoft Corporation, Microsoft AR HID Filter Driver (Beta 2 Release 2))
0xBABF8000 C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 20480 bytes (COMODO, COMODO Internet Security Helper Driver)
0xBAC38000 C:\WINDOWS\system32\DRIVERS\hidir.sys 20480 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0xBABC0000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xBABE0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBAB30000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBACA0000 C:\WINDOWS\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)
0xBAB70000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBAB78000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBAB38000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBAC88000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBAC48000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAF34A000 C:\WINDOWS\system32\DNINDIS5.SYS 16384 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 Protocol Driver)
0xB6EF4000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA16F000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB1A0F000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4BF000 C:\WINDOWS\system32\DRIVERS\arpolicy.sys 12288 bytes (Microsoft Corporation, Microsoft AR Policy Driver (Beta 2 Release 2))
0xBACB8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB2E1C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB6F1C000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB6F04000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA183000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA4CB000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus(R) ASPI Shell)
0xB6F54000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xAEE07000 C:\WINDOWS\system32\Drivers\uphcleanhlp.sys 12288 bytes
0xBADFC000 C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys 8192 bytes (Microsoft Corporation, Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2))
0xBADBA000 C:\WINDOWS\system32\DRIVERS\armoucfltr.sys 8192 bytes (Microsoft Corporation, Microsoft AR PS/2 Mouse Filter Driver (Beta 2 Release 2))
0xBAE60000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xBAE4E000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBADB0000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBADCA000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBAE4C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBADAE000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xBADA8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBAE50000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBADD2000 C:\WINDOWS\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)
0xBAE52000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBAE02000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xBAE20000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBAE46000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBADAC000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBADAA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBAF3B000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBAFCD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBAF31000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBAE70000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA
!-->[Hidden] C:\Documents and Settings\Gabe\Application Data\skypePM\2010-10-06-0.ezlog
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\beginnings_of_learning\1972-05-23_beginnings_of_learning_part_i_chapter_6_school_dialogue_brockwood_park_23rd_may_1972.htmltml
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\beginnings_of_learning\1973-05-22_beginnings_of_learning_part_i_chapter_1_school_dialogue_brockwood_park_22nd_may_1973.htmltml
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\beginnings_of_learning\1973-05-25_beginnings_of_learning_part_i_chapter_15_school_dialogue_brockwood_park_25th_may_1973.htmlll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\beginnings_of_learning\1973-06-17_beginnings_of_learning_part_i_chapter_13_school_dialogue_brockwood_park_17th_june_1973.htmll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\commentaries_on_living_series_2\1957-00-00_commentaries_on_living_series_ii_chapter_44_'positive_and_negative_teaching'.htmll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\commentaries_on_living_series_3\1960-00-00_commentaries_on_living_series_iii_chapter_06_'pleasure,_habit_and_austerity'.htmlml
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\commentaries_on_living_series_3\1960-00-00_commentaries_on_living_series_iii_chapter_19_'where_the_self_is,_love_is_not'.htmll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\commentaries_on_living_series_3\1960-00-00_commentaries_on_living_series_iii_chapter_25_'the_cultivation_of_sensitivity'.htmll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\commentaries_on_living_series_3\1960-00-00_commentaries_on_living_series_iii_chapter_30_'self-interest_decays_the_mind'.htmlll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\commentaries_on_living_series_3\1960-00-00_commentaries_on_living_series_iii_chapter_36_'the_voyage_on_an_uncharted_sea'.htmll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\commentaries_on_living_series_3\1960-00-00_commentaries_on_living_series_iii_chapter_54_'the_challenge_of_the_present'.htmltml
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\krishnamurti_on_education\1974-00-00_krishnamurti_on_education_talk_to_teachers_chapter_11_'on_meditation_and_education'.htmll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\the_first_and_last_freedom\1953-00-00_the_first_and_last_freedom_questions_and_answers_question_33_'on_superficiality'.htmltml
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\the_first_and_last_freedom\1953-00-00_the_first_and_last_freedom_questions_and_answers_question_38_'on_transformation'.htmltml
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\tradition_and_revolution\1971-02-16_tradition_and_revolution_dialogue_28_bombay_16th_february_1971_'right_communication'.htmll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\My Music\Music\000Unsorted2\Eminem - Discography\Eminem - Curtain_Call_The_Hits-(Deluxe_Edition)-(2CD)\Eminem-Curtain_Call_(Stans_Mixtape)-(Bonus_CD)-2005-h8me\AlbumArt_{42FBE28A-F566-4025-A99B-212D51E3582F}_Large.jpgh8me.mp3
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\My Music\Music\000Unsorted2\Eminem - Discography\Eminem - Curtain_Call_The_Hits-(Deluxe_Edition)-(2CD)\Eminem-Curtain_Call_(Stans_Mixtape)-(Bonus_CD)-2005-h8me\AlbumArt_{42FBE28A-F566-4025-A99B-212D51E3582F}_Small.jpgh8me.mp3

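Added example (my code, not BrownCloud's, oldman960's or RKUnhooker's): a triage script for the >Hooks section of this report, which continues in the next post. Most of its lines are hooks that COMODO (guard32.dll in user mode, inspect.sys in the kernel) and Avira are known to place, and RKU lists an "Inline - SEH [unknown_code_page]" entry a few bytes past each guard32.dll jump; the one line that stands out is the kernel RelativeCall at ntkrnlpa.exe+0x0002CA34 into 0xAD032639, an address the >Drivers list above does not cover. The script parses both sections, confirms RKU's owner attribution by checking whether each destination address falls inside a listed driver image, and labels hooks with a few heuristics: "known" for owners that match products on this machine, "residue" for an SEH entry within 8 bytes after a known product's jump, "intra-module" when a jump lands inside the hooked image itself, and "HIGH" for a kernel hook whose destination no listed driver owns. The KNOWN_HOOKERS table, the labels and the 8-byte window are my assumptions for illustration, and "HIGH" means "look closer", not "malware". The sample lines are a small subset copied from the report in this thread.

```python
import re
import sys
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Assumed owner table: hookers that match products visible in this report's >Drivers list.
KNOWN_HOOKERS = {
    "guard32.dll": "COMODO Defense+ (user mode)",
    "inspect.sys": "COMODO firewall driver",
    "cmdguard.sys": "COMODO sandbox driver",
    "cmdhlp.sys": "COMODO helper driver",
    "avipbb.sys": "Avira rootkit-detection driver",
    "avgntflt.sys": "Avira minifilter",
    "Normandy.SYS": "RKUnhooker's own driver",
}

DRIVER_RE = re.compile(r"^0x(?P<base>[0-9A-Fa-f]+) (?P<path>.+?) (?P<size>\d+) bytes")
HOOK_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\])?(?P<target>.+?), Type: (?P<kind>.+?) "
    r"0x(?P<addr>[0-9A-Fa-f]+)(?:-->(?P<dest>[0-9A-Fa-f]+))? \[(?P<owner>[^\]]+)\]$"
)

# Constructed subset of the RKUnhooker report posted in this thread.
SAMPLE_DRIVERS = r"""
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2142208 bytes (Microsoft Corporation, NT Kernel & System)
0xB2E28000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBA54B000 inspect.sys 86016 bytes (COMODO, COMODO Internet Security Firewall Driver)
0xAE936000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
""".strip().splitlines()

SAMPLE_HOOKS = """
ntkrnlpa.exe+0x0002C998, Type: Inline - RelativeJump 0x80503998-->80503952 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CA34, Type: Inline - RelativeCall 0x80503A34-->AD032639 [unknown_code_page]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xB2E670A8-->BA54C6E0 [inspect.sys]
[1020]dllhost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1020]dllhost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1020]dllhost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1020]dllhost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
""".strip().splitlines()


@dataclass
class Hook:
    pid: Optional[int]   # None for kernel-mode hooks
    target: str          # "ntkrnlpa.exe+0x0002CA34" or "dllhost.exe-->kernel32.dll-->CreateFileA"
    kind: str            # "Inline - RelativeJump", "Inline - SEH", "IAT modification", ...
    addr: int
    dest: Optional[int]
    owner: str


def parse_drivers(lines):
    """Return {module name: (base, end)} from >Drivers lines."""
    ranges = {}
    for line in lines:
        m = DRIVER_RE.match(line.strip())
        if m:
            base, size = int(m["base"], 16), int(m["size"])
            ranges.setdefault(m["path"].rsplit("\\", 1)[-1], (base, base + size))
    return ranges


def parse_hooks(lines):
    """Return a Hook for every line in RKU's >Hooks format."""
    hooks = []
    for line in lines:
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(Hook(int(m["pid"]) if m["pid"] else None, m["target"], m["kind"],
                              int(m["addr"], 16), int(m["dest"], 16) if m["dest"] else None, m["owner"]))
    return hooks


def module_for(addr, ranges):
    """Name of the listed driver whose image contains addr, or None."""
    for name, (lo, hi) in ranges.items():
        if lo <= addr < hi:
            return name
    return None


def triage(hooks, ranges):
    """Label each hook known / residue / intra-module / HIGH / low (heuristics, not a verdict)."""
    # Jumps placed by known products, keyed by (pid, hooked function); an SEH entry that RKU
    # reports within 8 bytes after one is treated as the tail of that product's trampoline.
    known_jumps = {(h.pid, h.target): h.addr
                   for h in hooks if h.owner in KNOWN_HOOKERS and "RelativeJump" in h.kind}
    labelled = []
    for h in hooks:
        module = h.target.split("+")[0]
        if h.owner in KNOWN_HOOKERS:
            label = "known"
        elif "SEH" in h.kind and 0 < h.addr - known_jumps.get((h.pid, h.target), -99) <= 8:
            label = "residue"
        elif h.dest is not None and module in ranges and ranges[module][0] <= h.dest < ranges[module][1]:
            label = "intra-module"   # the jump lands inside the hooked image itself
        elif h.pid is None and h.owner == "unknown_code_page" and module_for(h.dest or 0, ranges) is None:
            label = "HIGH"           # kernel control flow diverted to memory no listed driver owns
        else:
            label = "low"
        labelled.append((label, h))
    return labelled


def summarize(labelled):
    return dict(Counter(label for label, _ in labelled))


if __name__ == "__main__":
    # Usage: python rku_triage.py Report.txt   (no argument: run on the sample lines above)
    lines = (open(sys.argv[1], errors="replace").read().splitlines()
             if len(sys.argv) > 1 else SAMPLE_DRIVERS + SAMPLE_HOOKS)
    ranges = parse_drivers(lines)
    labelled = triage(parse_hooks(lines), ranges)
    for label, h in labelled:
        if label != "known":
            where = f"[{h.pid}]" if h.pid is not None else "kernel"
            print(f"{label:<12} {where:<7} {h.target}  {h.kind} 0x{h.addr:08X} -> {h.owner}")
    print(summarize(labelled))
```

On the sample this prints the intra-module kernel jump, the two residue entries and one HIGH line, the RelativeCall into 0xAD032639, which is the entry to pursue (for instance by dumping the code page it points to) rather than the hundreds of COMODO lines around it. The heuristics only narrow the list; a hook owned by a product in KNOWN_HOOKERS is still worth confirming with module_for when its destination address looks out of place.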
BrownCloud
2010-10-06, 12:56
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002C998, Type: Inline - RelativeJump 0x80503998-->80503952 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CA00, Type: Inline - RelativeJump 0x80503A00-->805039BA [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CA26, Type: Inline - RelativeJump 0x80503A26-->805039DE [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CA34, Type: Inline - RelativeCall 0x80503A34-->AD032639 [unknown_code_page]
ntkrnlpa.exe+0x0002CA7C, Type: Inline - RelativeJump 0x80503A7C-->80503A36 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CAF0, Type: Inline - RelativeJump 0x80503AF0-->80503AAA [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CB10, Type: Inline - RelativeJump 0x80503B10-->80503ACA [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CB48, Type: Inline - RelativeJump 0x80503B48-->80503B02 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CBED, Type: Inline - RelativeJump 0x80503BED-->80503BDE [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CC30, Type: Inline - RelativeJump 0x80503C30-->80503BEA [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CC8C, Type: Inline - RelativeJump 0x80503C8C-->80503C46 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CCB4, Type: Inline - RelativeJump 0x80503CB4-->80503C6E [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CD2C, Type: Inline - RelativeJump 0x80503D2C-->80503CE6 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CD52, Type: Inline - RelativeJump 0x80503D52-->80503D0A [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CD68, Type: Inline - RelativeJump 0x80503D68-->80503D22 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006DF0E, Type: Inline - RelativeJump 0x80544F0E-->80544F15 [ntkrnlpa.exe]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xB2E670A8-->BA54C6E0 [inspect.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xB2E670D4-->BA54C7B0 [inspect.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xB2E670E0-->BA54C740 [inspect.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xB9EF3B4C-->BA54C6E0 [inspect.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xB9EF3B1C-->BA54C780 [inspect.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xB9EF3B3C-->BA54C7B0 [inspect.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xB9EF3B28-->BA54C740 [inspect.sys]
[1020]dllhost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1020]dllhost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1020]dllhost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1020]dllhost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1020]dllhost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1020]dllhost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1020]dllhost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1020]dllhost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1020]dllhost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1020]dllhost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1020]dllhost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1020]dllhost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1020]dllhost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1020]dllhost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1020]dllhost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1020]dllhost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1020]dllhost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1020]dllhost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1020]dllhost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1020]dllhost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1020]dllhost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1020]dllhost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1020]dllhost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1020]dllhost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1108]mDNSResponder.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1108]mDNSResponder.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1108]mDNSResponder.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1108]mDNSResponder.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1108]mDNSResponder.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1108]mDNSResponder.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1108]mDNSResponder.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1108]mDNSResponder.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1108]mDNSResponder.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1108]mDNSResponder.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1108]mDNSResponder.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1108]mDNSResponder.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[1108]mDNSResponder.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[1152]LSSrvc.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1152]LSSrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1152]LSSrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1152]LSSrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1152]LSSrvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1152]LSSrvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1152]LSSrvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1152]LSSrvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1152]LSSrvc.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1152]LSSrvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1152]LSSrvc.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1152]LSSrvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1152]LSSrvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1212]realsched.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1212]realsched.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1212]realsched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1212]realsched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1212]realsched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1212]realsched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1212]realsched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1212]realsched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1212]realsched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1212]realsched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1212]realsched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1212]realsched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1212]realsched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1212]realsched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1212]realsched.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1212]realsched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1212]realsched.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1212]realsched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1212]realsched.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1212]realsched.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1212]realsched.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1212]realsched.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1212]realsched.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1212]realsched.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1228]Communications_Helper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1228]Communications_Helper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1228]Communications_Helper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1228]Communications_Helper.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1228]Communications_Helper.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1228]Communications_Helper.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1228]Communications_Helper.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1228]Communications_Helper.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1228]Communications_Helper.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1228]Communications_Helper.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1228]Communications_Helper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1228]Communications_Helper.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1252]BrMfcWnd.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1252]BrMfcWnd.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1252]BrMfcWnd.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1252]BrMfcWnd.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1252]BrMfcWnd.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1252]BrMfcWnd.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1252]BrMfcWnd.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1252]BrMfcWnd.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1252]BrMfcWnd.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1252]BrMfcWnd.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1252]BrMfcWnd.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1252]BrMfcWnd.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[128]avgnt.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]

BrownCloud
2010-10-06, 12:59
[128]avgnt.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[128]avgnt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[128]avgnt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[128]avgnt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[128]avgnt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[128]avgnt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[128]avgnt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[128]avgnt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[128]avgnt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[128]avgnt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[128]avgnt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[128]avgnt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[128]avgnt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[128]avgnt.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[128]avgnt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[128]avgnt.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[128]avgnt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[128]avgnt.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[128]avgnt.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[128]avgnt.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[128]avgnt.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[128]avgnt.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[128]avgnt.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1292]CLMLSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1292]CLMLSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1292]CLMLSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1292]CLMLSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1292]CLMLSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1292]CLMLSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1292]CLMLSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1292]CLMLSvc.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1292]CLMLSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1292]CLMLSvc.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1292]CLMLSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1292]CLMLSvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1396]services.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1396]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1396]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1396]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1396]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1396]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1396]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1396]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1396]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1396]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1396]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1396]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1396]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1396]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1396]services.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1396]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1396]services.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1396]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1396]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1396]services.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1396]services.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1396]services.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1396]services.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1396]services.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1408]lsass.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1408]lsass.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1408]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1408]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1408]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1408]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1408]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]

BrownCloud
2010-10-06, 13:05
[1644]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1644]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1644]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1644]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1644]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1708]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1708]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1708]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1708]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1708]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1708]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1708]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1708]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1708]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1708]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1708]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1708]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1708]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1708]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1708]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1708]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1708]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1708]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1708]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1708]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1708]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1708]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1708]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1708]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1708]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1708]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1708]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1708]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1708]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1708]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1792]explorer.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1792]explorer.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1792]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1792]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1792]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1792]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1792]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1792]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1792]explorer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1792]explorer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1792]explorer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1792]explorer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1792]explorer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1792]explorer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1792]explorer.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1792]explorer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1792]explorer.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1792]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1792]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj.dll]
[1792]explorer.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj.dll]
[1792]explorer.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj.dll]
[1792]explorer.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011BC-->00000000 [LVPrcInj.dll]
[1792]explorer.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1792]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1792]explorer.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1792]explorer.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1792]explorer.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1792]explorer.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1792]explorer.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1792]explorer.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x771C308A-->00000000 [guard32.dll]
[1792]explorer.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x771CEDC8-->00000000 [guard32.dll]
[1824]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1824]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1824]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1824]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1824]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1824]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1824]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1824]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1824]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1824]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1824]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1824]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1824]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1824]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1824]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1824]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1824]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1824]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1824]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1824]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1824]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1824]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1824]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1824]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1912]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1912]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1912]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1912]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1912]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1912]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1912]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1912]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1912]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1912]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1912]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1912]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1912]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1912]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1912]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1912]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1912]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1912]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1912]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]

BrownCloud
2010-10-06, 13:07
[2148]BrMfimon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2148]BrMfimon.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2236]rundll32.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2236]rundll32.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2236]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2236]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2236]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2236]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2236]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2236]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2236]rundll32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2236]rundll32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2236]rundll32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2236]rundll32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2236]rundll32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2236]rundll32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2236]rundll32.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2236]rundll32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2236]rundll32.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2236]rundll32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2236]rundll32.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2236]rundll32.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2236]rundll32.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2236]rundll32.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2236]rundll32.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2236]rundll32.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2240]kbd.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2240]kbd.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2240]kbd.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2240]kbd.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2240]kbd.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2240]kbd.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2240]kbd.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2240]kbd.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2240]kbd.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2240]kbd.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2240]kbd.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2240]kbd.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2240]kbd.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2240]kbd.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2240]kbd.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2240]kbd.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2240]kbd.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2240]kbd.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2240]kbd.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2240]kbd.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2240]kbd.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2240]kbd.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2240]kbd.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2240]kbd.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2264]nvsvc32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2264]nvsvc32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2264]nvsvc32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2264]nvsvc32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2264]nvsvc32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2264]nvsvc32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2264]nvsvc32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2264]nvsvc32.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2264]nvsvc32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2264]nvsvc32.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2264]nvsvc32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2264]nvsvc32.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2328]ehrecvr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2328]ehrecvr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2328]ehrecvr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2328]ehrecvr.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2328]ehrecvr.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2328]ehrecvr.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2328]ehrecvr.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2328]ehrecvr.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2328]ehrecvr.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2328]ehrecvr.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2328]ehrecvr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2328]ehrecvr.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]

BrownCloud
2010-10-06, 13:10
[232]LEXBCES.EXE-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[232]LEXBCES.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[232]LEXBCES.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[232]LEXBCES.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[232]LEXBCES.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[232]LEXBCES.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[232]LEXBCES.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[232]LEXBCES.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[232]LEXBCES.EXE-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[232]LEXBCES.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[232]LEXBCES.EXE-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[232]LEXBCES.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[232]LEXBCES.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2424]ScreenCapture.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2424]ScreenCapture.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2424]ScreenCapture.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2424]ScreenCapture.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2424]ScreenCapture.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2424]ScreenCapture.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2424]ScreenCapture.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2424]ScreenCapture.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2424]ScreenCapture.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2424]ScreenCapture.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2424]ScreenCapture.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2424]ScreenCapture.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2452]BrccMCtl.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2452]BrccMCtl.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2452]BrccMCtl.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2452]BrccMCtl.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2452]BrccMCtl.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2452]BrccMCtl.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2452]BrccMCtl.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2452]BrccMCtl.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2452]BrccMCtl.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2452]BrccMCtl.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2452]BrccMCtl.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2452]BrccMCtl.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2480]dopus.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2480]dopus.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2480]dopus.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2480]dopus.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2480]dopus.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2480]dopus.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2480]dopus.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2480]dopus.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2480]dopus.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2480]dopus.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2480]dopus.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2480]dopus.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2480]dopus.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2480]dopus.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2480]dopus.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2480]dopus.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2480]dopus.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2480]dopus.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2480]dopus.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2480]dopus.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2480]dopus.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2480]dopus.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2480]dopus.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2480]dopus.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2480]dopus.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x771C308A-->00000000 [guard32.dll]
[2480]dopus.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x771CEDC8-->00000000 [guard32.dll]
[2480]dopus.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[2480]dopus.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[2480]dopus.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[2480]dopus.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[2520]dopusrt.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2520]dopusrt.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2520]dopusrt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2520]dopusrt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2520]dopusrt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2520]dopusrt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2520]dopusrt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2520]dopusrt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2520]dopusrt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2520]dopusrt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2520]dopusrt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2520]dopusrt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2520]dopusrt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2520]dopusrt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2520]dopusrt.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2520]dopusrt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2520]dopusrt.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2520]dopusrt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2520]dopusrt.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2520]dopusrt.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2520]dopusrt.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2520]dopusrt.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2520]dopusrt.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2520]dopusrt.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2540]RichVideo.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2540]RichVideo.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2540]RichVideo.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2540]RichVideo.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2540]RichVideo.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2540]RichVideo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2540]RichVideo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2540]RichVideo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2540]RichVideo.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2540]RichVideo.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2540]RichVideo.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2540]RichVideo.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2540]RichVideo.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2540]RichVideo.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2540]RichVideo.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2540]RichVideo.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2540]RichVideo.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2540]RichVideo.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2540]RichVideo.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2540]RichVideo.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2540]RichVideo.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2540]RichVideo.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2540]RichVideo.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2540]RichVideo.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2944]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2944]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2944]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2944]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2944]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2944]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2944]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2944]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2944]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2944]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2944]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2944]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2944]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2944]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2944]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2944]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2944]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2944]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2944]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2944]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2944]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2944]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2944]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2944]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2964]ehSched.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2964]ehSched.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2964]ehSched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2964]ehSched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2964]ehSched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2964]ehSched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2964]ehSched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2964]ehSched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2964]ehSched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2964]ehSched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2964]ehSched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2964]ehSched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2964]ehSched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2964]ehSched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2964]ehSched.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2964]ehSched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2964]ehSched.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2964]ehSched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2964]ehSched.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2964]ehSched.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]

BrownCloud
2010-10-06, 13:15
[2096]bratimer.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2096]bratimer.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]

BrownCloud
2010-10-06, 13:21
[3204]Skype.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[3204]Skype.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[3204]Skype.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x0101B0A0-->00000000 [unknown_code_page]
[3204]Skype.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0101B0A4-->00000000 [unknown_code_page]
[3204]Skype.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[3204]Skype.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[3204]Skype.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj.dll]
[3204]Skype.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj.dll]
[3204]Skype.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj.dll]
[3204]Skype.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011BC-->00000000 [LVPrcInj.dll]
[3204]Skype.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[3204]Skype.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[3204]Skype.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3204]Skype.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[3204]Skype.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[3204]Skype.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[3204]Skype.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[3204]Skype.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[3204]Skype.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x771C308A-->00000000 [guard32.dll]
[3204]Skype.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x771CEDC8-->00000000 [guard32.dll]
[3204]Skype.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[3204]Skype.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[3204]Skype.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[3204]Skype.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]

BrownCloud
2010-10-06, 13:22
[3384]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[3384]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[3384]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[3384]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[3384]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[3384]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[3384]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[3384]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[3384]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[3384]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[3384]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[3384]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[3384]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[3384]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[3384]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[3384]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[3384]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[3384]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[3384]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3384]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[3384]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[3384]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[3384]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[3384]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[3568]alg.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[3568]alg.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[3568]alg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[3568]alg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[3568]alg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[3568]alg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[3568]alg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[3568]alg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[3568]alg.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[3568]alg.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[3568]alg.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[3568]alg.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[3568]alg.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[3568]alg.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[3568]alg.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[3568]alg.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[3568]alg.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[3568]alg.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[3568]alg.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3568]alg.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[3568]alg.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[3568]alg.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[3568]alg.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[3568]alg.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[3568]alg.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[3568]alg.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[3568]alg.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[3568]alg.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[3788]jqs.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[3788]jqs.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[3788]jqs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[3788]jqs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[3788]jqs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[3788]jqs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[3788]jqs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[3788]jqs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[3788]jqs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[3788]jqs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[3788]jqs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[3788]jqs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[3788]jqs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[3788]jqs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[3788]jqs.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[3788]jqs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[3788]jqs.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[3788]jqs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[3788]jqs.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3788]jqs.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[3788]jqs.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[3788]jqs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[3788]jqs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[3788]jqs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[4008]uphclean.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[4008]uphclean.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[4008]uphclean.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[4008]uphclean.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[4008]uphclean.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[4008]uphclean.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[4008]uphclean.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[4008]uphclean.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[4008]uphclean.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[4008]uphclean.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[4008]uphclean.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[4008]uphclean.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[4008]uphclean.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[4008]uphclean.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[4008]uphclean.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[4008]uphclean.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[4008]uphclean.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[4008]uphclean.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[4008]uphclean.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[4008]uphclean.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[4052]iPodService.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[4052]iPodService.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[4052]iPodService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[4052]iPodService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[4052]iPodService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[4052]iPodService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[4052]iPodService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[4052]iPodService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[4052]iPodService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[4052]iPodService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[4052]iPodService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[4052]iPodService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[4052]iPodService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[4052]iPodService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[4052]iPodService.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[4052]iPodService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[4052]iPodService.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[4052]iPodService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[4052]iPodService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[4052]iPodService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[4620]hpsysdrv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[4620]hpsysdrv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[4620]hpsysdrv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[4620]hpsysdrv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[4620]hpsysdrv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[4620]hpsysdrv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[4620]hpsysdrv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[4620]hpsysdrv.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[4620]hpsysdrv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[4620]hpsysdrv.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[4620]hpsysdrv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[4620]hpsysdrv.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011BC-->00000000 [LVPrcInj.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[4752]RTHDCPL.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[4752]RTHDCPL.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[4752]RTHDCPL.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[4752]RTHDCPL.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[4752]RTHDCPL.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[4752]RTHDCPL.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[4752]RTHDCPL.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[4752]RTHDCPL.EXE-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[4752]RTHDCPL.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[4752]RTHDCPL.EXE-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[4752]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[4752]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011BC-->00000000 [LVPrcInj.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]

BrownCloud
2010-10-06, 13:24
[5352]wuauclt.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[5352]wuauclt.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[5352]wuauclt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[5352]wuauclt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[5352]wuauclt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[5352]wuauclt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[5352]wuauclt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[5352]wuauclt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[5352]wuauclt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[5352]wuauclt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[5352]wuauclt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[5352]wuauclt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[5352]wuauclt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[5352]wuauclt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[5352]wuauclt.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[5352]wuauclt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[5352]wuauclt.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[5352]wuauclt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[5352]wuauclt.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj.dll]
[5352]wuauclt.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj.dll]
[5352]wuauclt.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj.dll]
[5352]wuauclt.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011BC-->00000000 [LVPrcInj.dll]
[5352]wuauclt.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[5352]wuauclt.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[5352]wuauclt.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[5352]wuauclt.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[5352]wuauclt.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[5352]wuauclt.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[572]LVPrcSrv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[572]LVPrcSrv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[572]LVPrcSrv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[572]LVPrcSrv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[572]LVPrcSrv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[572]LVPrcSrv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[572]LVPrcSrv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[572]LVPrcSrv.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[572]LVPrcSrv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[572]LVPrcSrv.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[572]LVPrcSrv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[572]LVPrcSrv.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[5892]iTunesHelper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[5892]iTunesHelper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[5892]iTunesHelper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[5892]iTunesHelper.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[5892]iTunesHelper.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[5892]iTunesHelper.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[5892]iTunesHelper.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[5892]iTunesHelper.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[5892]iTunesHelper.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[5892]iTunesHelper.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[5892]iTunesHelper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[5892]iTunesHelper.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011BC-->00000000 [LVPrcInj.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x771C308A-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x771CEDC8-->00000000 [guard32.dll]
[592]arservice.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[592]arservice.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[592]arservice.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[592]arservice.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[592]arservice.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[592]arservice.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[592]arservice.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[592]arservice.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[592]arservice.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[592]arservice.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[592]arservice.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[592]arservice.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[592]arservice.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[592]arservice.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[592]arservice.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[592]arservice.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[592]arservice.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[592]arservice.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[592]arservice.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[592]arservice.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[604]LEXPPS.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[604]LEXPPS.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[604]LEXPPS.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[604]LEXPPS.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[604]LEXPPS.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[604]LEXPPS.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[604]LEXPPS.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[604]LEXPPS.EXE-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[604]LEXPPS.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[604]LEXPPS.EXE-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[604]LEXPPS.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[604]LEXPPS.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[736]acs.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[736]acs.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[736]acs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[736]acs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[736]acs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[736]acs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[736]acs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[736]acs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[736]acs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[736]acs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[736]acs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[736]acs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[736]acs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[736]acs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[736]acs.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[736]acs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[736]acs.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[736]acs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[736]acs.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[736]acs.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[736]acs.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[736]acs.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[736]acs.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[736]acs.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[736]acs.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[736]acs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[736]acs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[736]acs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
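The hook listing above is long because one guard DLL patches the same few dozen exports in every process, and every 5-byte inline jump drags two "Inline - SEH ... [unknown_code_page]" residue entries behind it. What a responder actually wants from such a dump is the set of distinct hooking modules, and anything hooked by a module that is not accounted for by the installed security and driver software. The script below is an added example, not part of BrownCloud's post or of the scanner that produced the log. It parses lines in exactly the format shown, re-attributes the residue entries to the relative jump immediately preceding them (an analyst assumption, controlled by RESIDUE_WINDOW), and flags hooks whose owner is not on an allowlist. The allowlist (guard32.dll for COMODO, LVPrcInj.dll for the Logitech webcam software whose LVPrcSrv.exe appears in the process list) is an assumption for this machine, and the `[1234]example.exe ... [hypothetical.dll]` line in the sample is constructed purely to exercise the flagging path; the other sample lines are copied from the log above.

```python
"""Triage a user-mode API hook listing of the form in the scan log above."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# One hook line: [PID]process-->module(-->submodule)*-->Function, Type: <kind> 0xADDR[-->TARGET] [owner]
HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<chain>[^,]+), Type: (?P<kind>.+?) "
    r"0x(?P<addr>[0-9A-Fa-f]+)(?:-->(?P<target>[0-9A-Fa-f]+))? \[(?P<owner>[^\]]+)\]$"
)

# Analyst-maintained allowlist (an assumption for this example): modules whose hooks
# are expected on this machine. guard32.dll is COMODO's user-mode guard; LVPrcInj.dll
# belongs to the Logitech webcam software (LVPrcSrv.exe is in the process list).
EXPECTED_OWNERS = {"guard32.dll", "LVPrcInj.dll"}

# The scanner reports bytes it cannot match right after a 5-byte relative jump as
# "Inline - SEH ... [unknown_code_page]". Treating such entries within this many bytes
# of a preceding RelativeJump on the same function as part of that hook is an assumption.
RESIDUE_WINDOW = 8


@dataclass
class Hook:
    pid: int
    process: str
    module: str          # module that exports the hooked function
    function: str
    kind: str            # "Inline - RelativeJump", "Inline - SEH", "IAT modification"
    addr: int
    target: Optional[int]
    owner: str           # as reported by the scanner
    effective_owner: str  # after residue folding


def parse_hooks(text: str) -> list:
    """Parse every well-formed hook line; skip blanks, post headers and other noise."""
    hooks = []
    for raw in text.splitlines():
        m = HOOK_RE.match(raw.strip())
        if not m:
            continue
        chain = m["chain"].split("-->")
        hooks.append(Hook(
            pid=int(m["pid"]), process=chain[0], module=chain[-2], function=chain[-1],
            kind=m["kind"], addr=int(m["addr"], 16),
            target=int(m["target"], 16) if m["target"] else None,
            owner=m["owner"], effective_owner=m["owner"],
        ))
    return hooks


def fold_patch_residue(hooks: list) -> list:
    """Attribute unknown_code_page residue to the RelativeJump just before it (same pid/function)."""
    jumps = defaultdict(list)
    for h in hooks:
        if h.kind == "Inline - RelativeJump":
            jumps[(h.pid, h.module, h.function)].append(h)
    for h in hooks:
        if h.owner != "unknown_code_page":
            continue
        for j in jumps.get((h.pid, h.module, h.function), []):
            if 0 < h.addr - j.addr <= RESIDUE_WINDOW:
                h.effective_owner = j.owner
                break
    return hooks


def summarize_by_owner(hooks: list) -> dict:
    """Map each hooking module to the sorted list of module!function names it hooks."""
    out = defaultdict(set)
    for h in hooks:
        out[h.effective_owner].add(f"{h.module}!{h.function}")
    return {owner: sorted(funcs) for owner, funcs in out.items()}


def unexpected_hooks(hooks: list, expected=EXPECTED_OWNERS) -> list:
    """Hooks whose effective owner is not allowlisted: the ones worth a closer look."""
    return [h for h in hooks if h.effective_owner not in expected]


# Sample input: first six lines copied from the log above; the seventh is a residue entry
# deliberately included without its preceding jump; the last line is constructed.
SAMPLE_LOG = """
[592]arservice.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[592]arservice.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[592]arservice.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[592]arservice.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj.dll]
[5892]iTunesHelper.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1234]example.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [hypothetical.dll]
"""


def triage(text: str):
    """Convenience entry point: (summary by owner, list of hooks to investigate)."""
    hooks = fold_patch_residue(parse_hooks(text))
    return summarize_by_owner(hooks), unexpected_hooks(hooks)


if __name__ == "__main__":
    summary, suspicious = triage(SAMPLE_LOG)
    for owner, funcs in summary.items():
        print(f"{owner}: {len(funcs)} hooked export(s)")
    for h in suspicious:
        print(f"INVESTIGATE pid={h.pid} {h.process} {h.module}!{h.function} [{h.effective_owner}]")
```

Run it over the full dump instead of SAMPLE_LOG and the output collapses to a handful of owners; anything that is not guard32.dll or LVPrcInj.dll, or a residue entry with no jump in front of it, is what needs the next step (dump the hooking module, check its signature and path). Residue folding matters here: without it every inline hook would show up twice more under "unknown_code_page" and bury the real exceptions.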

BrownCloud
2010-10-06, 13:25
[760]sched.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[760]sched.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[760]sched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[760]sched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[760]sched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[760]sched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[760]sched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[760]sched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[760]sched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[760]sched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[760]sched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[760]sched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[760]sched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[760]sched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[760]sched.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[760]sched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[760]sched.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[760]sched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[760]sched.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[760]sched.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[760]sched.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[760]sched.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[760]sched.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[760]sched.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[760]sched.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[760]sched.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[760]sched.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[760]sched.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[772]avguard.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[772]avguard.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[772]avguard.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[772]avguard.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[772]avguard.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[772]avguard.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[772]avguard.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[772]avguard.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[772]avguard.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[772]avguard.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[772]avguard.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[772]avguard.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[772]avguard.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[772]avguard.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[772]avguard.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[772]avguard.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[772]avguard.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[772]avguard.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[772]avguard.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[772]avguard.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[772]avguard.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[772]avguard.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[772]avguard.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[772]avguard.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[828]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[828]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[828]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[828]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[828]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[828]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[828]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[828]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[828]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[828]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[828]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[828]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[828]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[828]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[828]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[828]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[828]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[828]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[828]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[828]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[828]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[828]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[828]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[828]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[828]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[828]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[828]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[828]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[828]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[828]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[828]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[828]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[828]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[828]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[828]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[828]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[828]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[828]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[828]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[828]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[828]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[992]skypePM.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[992]skypePM.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[992]skypePM.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[992]skypePM.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[992]skypePM.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[992]skypePM.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[992]skypePM.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[992]skypePM.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[992]skypePM.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[992]skypePM.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[992]skypePM.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[992]skypePM.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[992]skypePM.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[992]skypePM.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[992]skypePM.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[992]skypePM.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[992]skypePM.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[992]skypePM.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[992]skypePM.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[992]skypePM.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[992]skypePM.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[992]skypePM.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[992]skypePM.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[992]skypePM.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[992]skypePM.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[992]skypePM.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[992]skypePM.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[992]skypePM.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[992]skypePM.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[992]skypePM.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[992]skypePM.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[992]skypePM.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[992]skypePM.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[992]skypePM.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[992]skypePM.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[992]skypePM.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[992]skypePM.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[992]skypePM.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]

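The listing above is the inline-hook section of a report in the format RootKit Unhooker prints: one row per patched export, with the module the scanner attributes the patch to in square brackets. The question an analyst has to answer from it is not "are there hooks" (a HIPS such as COMODO's guard32.dll hooks exactly these APIs in every process) but "is every hook explained by a product that is supposed to be there". The script below is an added example, not code from the thread or from the tool: it parses rows in this format, folds the companion "Inline - SEH" rows (which in the listing always sit at +5 and +6 of a RelativeJump on the same export) into that jump, groups hooks by owning module, and lists the ones no recognised product accounts for. The guard32.dll-to-COMODO mapping, the 8-byte folding window and the final example.exe sample row are assumptions supplied by the example; the other sample rows are copied from the listing.

```python
"""Triage of an inline-hook listing in the format RootKit Unhooker prints.

Added example, not code from the thread or from the tool.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# "[pid]process-->module-->export, Type: Inline - Kind 0xADDR[-->TARGET] [owner]"
LINE_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<process>\S+?)-->(?P<module>\S+?)-->(?P<export>[^\s,]+),"
    r" Type: (?P<kind>Inline - \w+) (?P<addr>0x[0-9A-Fa-f]+)"
    r"(?:-->(?P<target>[0-9A-Fa-f]+))? \[(?P<owner>[^\]]+)\]$"
)

# Owner modules the analyst recognises. guard32.dll is the user-mode hooking DLL
# of COMODO Internet Security; the scanner only prints the module name, so this
# mapping is supplied by the example, not by the tool.
KNOWN_OWNERS = {"guard32.dll": "COMODO Internet Security"}

# Assumption for this example: an 'Inline - SEH' row within this many bytes after a
# RelativeJump on the same export is the scanner's reading of the bytes following
# the 5-byte jmp (the listing shows them at +5 and +6), not an independent hook.
SEH_FOLD_WINDOW = 8


@dataclass(frozen=True)
class Hook:
    pid: int
    process: str
    module: str            # hooked DLL, e.g. ntdll.dll
    export: str            # hooked export, e.g. NtCreateFile
    kind: str              # "Inline - RelativeJump" or "Inline - SEH"
    addr: int              # address of the patched code
    target: Optional[int]  # jump destination as printed (00000000 = not resolved)
    owner: str             # attributed module, or "unknown_code_page"


def parse_hook_line(line: str) -> Optional[Hook]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Hook(int(m["pid"]), m["process"], m["module"], m["export"], m["kind"],
                int(m["addr"], 16), int(m["target"], 16) if m["target"] else None,
                m["owner"])


def parse_log(text: str) -> List[Hook]:
    return [h for h in map(parse_hook_line, text.splitlines()) if h is not None]


def fold_seh_entries(hooks: List[Hook]) -> List[Hook]:
    """Drop SEH rows that sit just after a RelativeJump on the same export/process."""
    jumps = {(h.pid, h.module, h.export): h.addr
             for h in hooks if h.kind == "Inline - RelativeJump"}
    kept = []
    for h in hooks:
        base = jumps.get((h.pid, h.module, h.export))
        if h.kind == "Inline - SEH" and base is not None and 0 < h.addr - base <= SEH_FOLD_WINDOW:
            continue
        kept.append(h)
    return kept


def triage(hooks: List[Hook]) -> Dict:
    """Summarise hooks per owning module and list the ones no known product explains."""
    by_owner: Dict[str, Dict] = defaultdict(
        lambda: {"count": 0, "processes": set(), "exports": set()})
    unattributed: List[Hook] = []
    for h in hooks:
        entry = by_owner[h.owner]
        entry["count"] += 1
        entry["processes"].add(h.process)
        entry["exports"].add(f"{h.module}!{h.export}")
        if h.owner not in KNOWN_OWNERS:
            unattributed.append(h)
    return {"by_owner": dict(by_owner), "unattributed": unattributed}


# Five rows copied from the listing, plus one constructed row (example.exe, pid 1000)
# that stands in for a hook with no recognised owner.
SAMPLE_LOG = """\
[760]sched.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[760]sched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[772]avguard.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1000]example.exe-->ntdll.dll-->NtQueryDirectoryFile, Type: Inline - RelativeJump 0x7C90D76E-->00000000 [unknown_code_page]
"""

if __name__ == "__main__":
    summary = triage(fold_seh_entries(parse_log(SAMPLE_LOG)))
    for owner, e in sorted(summary["by_owner"].items()):
        label = KNOWN_OWNERS.get(owner, "NOT RECOGNISED")
        print(f"{owner:<20} {label:<28} {e['count']:>3} hooks in {sorted(e['processes'])}")
    for h in summary["unattributed"]:
        print(f"REVIEW: [{h.pid}]{h.process} {h.module}!{h.export} at {h.addr:#010x}")
```

Run it over a saved report instead of SAMPLE_LOG to get a per-module summary; hundreds of rows all owned by guard32.dll collapse to one line, and anything left under "REVIEW" is what actually needs the attention the scanner's "!!POSSIBLE ROOTKIT ACTIVITY DETECTED!!" footer asks for. The owner name alone is not proof of legitimacy (a malicious DLL can carry any name), so a reviewed hook still wants its module path and signature checked.
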
BrownCloud
2010-10-06, 13:34
sigh. I don't know why you ask me to attach the small ones and copy paste the big ones... It's extremely time-consuming.

The scan.bat didn't create an MBR_Backup.dat the first time. I did the exact same process a second time, and it worked.

I have to attach it in a zip because .dat files are invalid.

BrownCloud
2010-10-06, 13:43
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)


^Are we getting closer? This was the last line in the report from the scan (it was not included in the Report.txt)

oldman960
2010-10-06, 15:53
Hi BrownCloud,

The .dat needed to be attached so the forum software won't alter it. Please be patient; it will take some time to analyze it as well as go through the log.

Thanks

BrownCloud
2010-10-07, 04:21
Np. Take your time. Thanks.

You got everything you need?

oldman960
2010-10-07, 08:56
Hi BrownCloud,

I've been looking through these logs and the error messages you posted. One points to hardware and the other to either malware or IE. The 2 messages may or may not be connected.

Your logs show IE6 as your version of Internet Explorer but the uninstall list shows IE7 as being installed. Did you install IE7? Did you uninstall IE7 and if so how?

Did you replace your hard drive recently?

Are you still experiencing random restarts?

Sorry for all the questions, but some things just aren't adding up.

BrownCloud
2010-10-07, 10:18
I think the problem may be both software and hardware at this point. I was getting crashes before giving me the blue screen of death:

Technical information
*STOP: 0x000000F4 (0x00000003, 0x8A1B7858, 0X8A1B79CC, 0X805D1Z0A)

About a week ago my screen would freeze (lock up), turn black, then reboot without the blue screen of death.

My computer has been making processing noises (HDD noises) more than normal since then.



Your logs show IE6 as your version of Internet Explorer but the uninstall list shows IE7 as being installed. Did you install IE7? Did you uninstall IE7 and if so how?

That was a long time ago. I installed IE7, didn't like it, then uninstalled it with Revo Uninstaller. I guess I got IE6 back somehow. I don't remember. I primarily (99% of the time) use Mozilla Firefox.


Did you replace your hard drive recently?

No.


Are you still experiencing random restarts?

Yes, I'm getting restarts, but they aren't exactly random, and I can't exactly pinpoint it, but I do experience restarts whenever I'm doing something. I can't play Maplestory (an online game) anymore. It reboots every time I run it for a while. When I'm browsing, sometimes my mouse double clicks when I click once (it has always done that; it's not frequent, but annoying when it does it), and then my computer would lock up and reboot. And, I guess I get the blue screen when I do that GMER scan w/o being in safe mode. It seems like all the crashes from a virus/malware have done permanent damage to my HDD that now my computer just restarts when I'm using hard drive space at damaged areas. I dunno.

BrownCloud
2010-10-07, 10:22
Let me clarify (the second example), when my mouse double clicks on a link or to switch to a tab (on my browser) my computer locks up and restarts. I don't know why that happens.

oldman960
2010-10-08, 03:13
Hi BrownCloud,

As I mentioned, IE can't be uninstalled as it's part of Windows. If you install a newer version, IE7 for example, and uninstall it, the older version will then become the installed version once again. I'm not sure how aggressive Revo Uninstaller is; it may have taken a bit more than it needed to. One error message seems to suggest IE as the problem even though you aren't using it.

We can check if it's a hard drive problem.

go to Control Panel | System | hardware tab | device manager. Click the + sign beside Disk Drives. The brand name of your Hard drive will be displayed. Please post the make and model.

BrownCloud
2010-10-08, 14:01
What do you mean by make and model?

oldman960
2010-10-08, 15:46
Hi BrownCloud,

It's a Seagate harddrive. Go here (http://www.hddoctor.net/hard-drive-diagnostic-software-seagate-seatools/) and download User Guide about SeaTools for Windows and SeaTools for Windows.

Run the tool and let us know the results.

BrownCloud
2010-10-10, 05:55
I uninstalled my old nvidia driver, and installed an up to date version of it from the website. Also, turned off "Enable write combining" in the Trouble Shoot Display Properties. So far no reboots after that. Thanks for trying. I'm going to turn on my securities and other things you ask me to turn off including whatever the Defogger turned off.

oldman960
2010-10-10, 11:14
Hi BrownCloud,

Looks like you may have it sorted out. If you are satisfied we'll remove the tools. Keep Defogger, we will use it shortly.

Since there was some malware found I suggest you reset your System Restore Points.

* Create a new restore point

You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point
click create

* Remove old restore points


Go to Start - All Programs - Accessories - system tools.
Launch the Disk Cleanup tool and let it run.
When it finishes a box with tabs will appear, select the more options tab.
On this tab you will find a section for System Restore.
If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.


From your desktop, please delete
any notepads/logs that we created
DDS
GooredFix
Gmer (9hi1grli.exe)
MBRCheck
RootKit Unhooker
MBR.exe
scan.bat



Next

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


To re-enable your Emulation drivers, double click DeFogger to run the tool.
The application window will appear.
Click the Re-enable button to re-enable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger will now ask to reboot the machine - click OK.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

If there are no error messages you can now delete Defogger.


Updates and upgrades

You have an older version of Adobe Reader. You can download the current version HERE (http://www.adobe.com/products/acrobat/readstep2.html)

You may want to consider Foxit Reader (http://www.foxitsoftware.com/downloads/index.php) instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum (http://www.foxitsoftware.com/bbs/forumdisplay.php?f=3)

In either case you should uninstall Adobe Reader 7.0 first. Be sure to move any PDF documents to another folder first though.


Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Just add a firewall and a resident antispyware program. You seem to be set in that area.

You should also use Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
HOSTS (http://www.mvps.org/winhelp2002/hosts.htm)

Please read the info on disabling the DNS Client before installing a custom hosts file.



-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (http://forums.whatthetech.com/redirect.php?url=http%3A%2F%2Fv5.windowsupdate.microsoft.com%2F)(using Internet Explorer) and download and install all critical updates on a regular basis.


- Ensure that Automatic Update is turned on so you get all the latest patches.
Click Start, then Control Panel, then Security Center.


- Keep your antivirus program updated, as well as any other security programs you have.


-Check this site out to scan for out-of-date programs
Secunia Personal Software Inspector (PSI) 1.0 (http://forums.whatthetech.com/redirect.php?url=http%3A%2F%2Fsecunia.com%2Fvulnerability_scanning%2Fpersonal%2F)


-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)


- You may also want to read this article By Tony Klein
http://www.freedomlist.com/forum/viewtopic.php?t=22879

We will keep this thread open for a couple of days. Please post back if you have any problems or questions. Please post back when you have finished so this thread can be marked "Resolved".

Take care
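The hosts-file section above makes two points: a blocking hosts file protects you, and malware can turn the same file against you. As an added example (Python; not part of oldman960's post or of the MVPS guide it links), the script below parses a hosts file, separates MVPS-style block entries (hostnames pointed at 0.0.0.0 or 127.0.0.1) from entries that redirect a hostname to a remote address, and flags redirects of vendor and update domains, which is the classic sign of a hostile hosts file. The sample file contents and the vendor watchlist are constructed for the example; the path in the comment is the standard XP location, not something the post states.

```python
"""Audit a Windows hosts file: blocking entries vs. malware-style redirects.

Added example, not code from the original post. A blocking hosts file (MVPS
style) maps unwanted hostnames to 0.0.0.0 or 127.0.0.1. Malware does the
reverse: it maps update and security-vendor hostnames to an attacker-controlled
address so scanners cannot update. This script tells the two apart.
"""
import ipaddress
import re

# Constructed sample. On XP the real file is
# C:\WINDOWS\system32\drivers\etc\hosts (standard OS location, assumption
# for this example, not stated in the post).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0  ad.doubleclick.net          # MVPS-style block entry
127.0.0.1 www.some-tracker.example   # MVPS-style block entry
203.0.113.7 update.microsoft.com     # hijack: vendor domain -> remote address
203.0.113.7 www.avira.com www.malwarebytes.org
"""

# Domains whose redirection is a strong infection indicator. Illustrative
# list (assumption); extend it to cover the security tools actually in use.
WATCHLIST = ("microsoft.com", "avira.com", "malwarebytes.org", "bitdefender.com")

# <address> <one or more hostnames> [# comment]
LINE_RE = re.compile(r"^\s*(\S+)\s+([^#]+?)\s*(?:#.*)?$")


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE_RE.match(line)
        if not match:
            continue  # e.g. an address with no hostname after it
        ip, names = match.groups()
        for name in names.split():
            yield ip, name.lower(), line_no


def is_blackhole(ip):
    """True for the targets a blocking hosts file uses: loopback or 0.0.0.0 / ::."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def audit_hosts(text, watchlist=WATCHLIST):
    """Return (blocked, redirected, hijacked); each is a list of (ip, host, line_no).

    blocked    : entries that sink a hostname to a local/unspecified address
    redirected : entries that send a hostname to a real remote address
    hijacked   : the subset of redirected whose hostname is on the watchlist
    """
    blocked, redirected, hijacked = [], [], []
    for ip, host, line_no in parse_hosts(text):
        try:
            blackhole = is_blackhole(ip)
        except ValueError:
            continue  # first token is not an IP address; malformed line
        entry = (ip, host, line_no)
        if blackhole:
            blocked.append(entry)
            continue
        redirected.append(entry)
        if any(host == d or host.endswith("." + d) for d in watchlist):
            hijacked.append(entry)
    return blocked, redirected, hijacked


if __name__ == "__main__":
    blocked, redirected, hijacked = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} block entries, {len(redirected)} redirects, "
          f"{len(hijacked)} suspicious")
    for ip, host, line_no in hijacked:
        print(f"  line {line_no}: {host} -> {ip}")
```

To run it against the real file, read the hosts file into a string and pass it to audit_hosts. A freshly installed MVPS file gives thousands of block entries and no redirects at all, so any entry that lands in the redirected list is one you should be able to account for yourself. The DNS Client note in the post is about performance, not about this check: a very large hosts file slows the DNS Client service's cache on XP, which is why the MVPS page suggests disabling that service before installing it.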

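The Custom Level steps above can also be verified and applied without clicking through the dialog. As an added example (Python; not code from the post), the script below reads a .reg export of the Internet zone key, compares the six settings the post names against the recommended values, reports anything looser, and can write a .reg file that applies them. The zone key path and the numeric action codes (1001, 1004, 1201, 1607, 1800, 1804, with 0 = Enable, 1 = Prompt, 3 = Disable) are Microsoft's documented security-zone registry entries, not something the post states; the registry export in the block is a constructed sample of an unhardened machine.

```python
"""Audit Internet Explorer's Internet-zone settings against the post's Custom Level values.

Added example, not code from the original post. The Custom Level dialog stores
each choice as a DWORD under
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3
(zone 3 = Internet), named by Microsoft's documented URL-action code, with
0 = Enable, 1 = Prompt, 3 = Disable.
"""
import re

ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
             r"\Internet Settings\Zones\3")
ENABLE, PROMPT, DISABLE = 0, 1, 3
SETTING_NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable", None: "not set"}

# The six settings the post tells the user to change, with the value it recommends.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed sample of a `reg export` of the zone key on an unhardened machine
# (1804 deliberately absent to show how a missing value is reported).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000000
"1607"=dword:00000000
"1800"=dword:00000001
"""

DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')


def parse_reg_dwords(reg_text, key=ZONE3_KEY):
    """Return {value_name: int} for the DWORD values stored under `key` in a .reg export."""
    values, in_key = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()  # registry paths are case-insensitive
            continue
        match = DWORD_RE.match(line) if in_key else None
        if match:
            values[match.group("name")] = int(match.group("hex"), 16)
    return values


def audit_values(current, recommended=RECOMMENDED):
    """List (code, label, current, recommended) for every setting looser than recommended.

    Strictness is Enable (0) < Prompt (1) < Disable (3), so a setting that is
    stricter than the post asks for passes. A code absent from `current` is
    reported with None: IE then uses the zone template default, which an
    export of this key does not show, so it is flagged rather than guessed.
    """
    findings = []
    for code, (label, want) in recommended.items():
        have = current.get(code)
        if have is None or have < want:
            findings.append((code, label, have, want))
    return findings


def audit_reg_export(reg_text):
    """Audit a .reg export produced by regedit or reg.exe."""
    return audit_values(parse_reg_dwords(reg_text))


def hardening_reg(recommended=RECOMMENDED):
    """Build a .reg file that applies the recommended values (import with regedit)."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE3_KEY}]"]
    for code, (_label, want) in sorted(recommended.items()):
        lines.append(f'"{code}"=dword:{want:08x}')
    return "\r\n".join(lines) + "\r\n"


def read_live_zone3():
    """On Windows, read the same DWORDs directly from HKCU via the winreg module."""
    import winreg  # standard library, Windows only
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3_KEY.split("\\", 1)[1]) as key:
        for code in RECOMMENDED:
            try:
                values[code], _kind = winreg.QueryValueEx(key, code)
            except FileNotFoundError:
                pass  # value not set for this user; audit_values reports it as None
    return values


if __name__ == "__main__":
    for code, label, have, want in audit_reg_export(SAMPLE_REG):
        print(f"{code} {label}: {SETTING_NAMES[have]} (recommended {SETTING_NAMES[want]})")
```

On the machine itself, `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg` produces the input for audit_reg_export, or run audit_values(read_live_zone3()) from a Python installed on the box. The audit deliberately treats a stricter setting as a pass and a missing value as a finding: Custom Level only writes a value once you change it, so an absent code means the zone template default is in force, and that is exactly the case where clicking through the dialog is still worth doing.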
BrownCloud
2010-10-11, 18:28
I've stalled on updating to Windows XP Service Pack 3. I heard mixed reviews about it. Some good, some bad. Do you really think I should update it?

I already have Spyware Blaster.
I already created a restore point and got rid of the older restore points.
I don't use IE.
What does Secunia Personal Software Inspector (PSI) actually do? And how effective is it?

My computer continues to lock up from time to time, but not as bad as when I didn't update my nvidia driver (which was pretty much a restart every time I did anything). Like when I'm playing a video or something. Maybe I still have some outdated drivers? Is that what Secunia PSI will help with?

oldman960
2010-10-12, 12:13
Hi BrownCloud,


I've stalled to update Windows XP Service Pack 3. I heard mixed reviews about it. Some good. some bad. Do you really think I should update it?
There aren't any more updates/patches for SP2. SP3 is very reliable. The trick is getting it installed correctly. The best way to install it is in Safe Mode. This way your security programs (the biggest cause of failed SP3 installs) will not be running and interfere. I haven't had anyone that I've helped have a problem updating it in safe mode.

You can get the full download package for SP3 HERE (http://www.microsoft.com/downloads/details.aspx?FamilyId=5B33B5A8-5E76-401F-BE08-1E1555D4F3D4)

You can use Firefox to download it. It says it's for IT Professionals but you can safely use it. Download it and save it in a place you can easily access in Safe Mode, such as your desktop. Boot to Safe Mode and double click the file.


I don't use IE.
You should still secure it. You will need IE to access some Microsoft sites such as their Update site.


What does Secunia Personal Software Inspector (PSI) actually do? And how effective is it?
It scans for outdated software and does a good job.

It may be outdated drivers that are the cause of your problems; it could also be some malware we haven't been able to locate.

There are a couple of ways to find updated drivers for your hardware. I suggest the Manually download and install drivers section found HERE (http://www.ehow.com/how_6438155_update-outdated-drivers.html) You can also visit your computer manufacturer's site and check for updates.