Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Redirected searches

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Redirected searches

Unread postby greshick » September 25th, 2010, 10:54 am

I am having an issue where when i search using my web browser i get redirected to a different site. My browser also opens random pages every hour or so. My logs are below:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:31:17 AM, on 9/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\EVEMon\EVEMon.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EVE Metrics Uploader\TrayUploader.exe
C:\program files\steam\steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Pandora\Pandora.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 1\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 1\plugin-container.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/WiHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [EVEMon] "C:\Program Files\EVEMon\EVEMon.exe" -startMinimized
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EVEMetricsUploader] "C:\Program Files\EVE Metrics Uploader\TrayUploader.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Startup: hamachi-2-ui.exe
O4 - Startup: Pandora.lnk = C:\Program Files\Pandora\Pandora.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E251492-1D11-4270-8095-A9DACB15416B}: NameServer = 4.2.2.4,4.2.2.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 9041 bytes

µTorrent
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Community Help
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Professional CS5
Adobe Media Player
Adobe Media Player
Adobe Reader 9.3.2
AIM 7
AIM Search
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
avast! Antivirus
Blender (remove only)
Catan Online World
CCleaner
COMODO Internet Security
CPUID CPU-Z 1.55
Digsby
DisplayFusion 3.1.5
Dual-Core Optimizer
EVE Metrics Uploader
EVEMon
FileZilla Client 3.3.4.1
FileZilla Server (remove only)
Fraps
Full Tilt Poker
Game Maker 8.0
GIMP 2.6.8
Google Gears
Google Talk Plugin
Google Update Helper
GPGNet
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Instant Eyedropper 1.75
IrfanView (remove only)
iTunes
Java DB 10.5.3.0
Java(TM) 6 Update 18
Java(TM) SE Development Kit 6 Update 18
League of Legends
LiveZilla
LogMeIn Hamachi
LogMeIn Hamachi
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2010 (Beta)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Excel MUI (English) 2010 (Beta)
Microsoft Office OneNote MUI (English) 2010 (Beta)
Microsoft Office Outlook MUI (English) 2010 (Beta)
Microsoft Office PowerPoint MUI (English) 2010 (Beta)
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2010 (Beta)
Microsoft Office Publisher MUI (English) 2010 (Beta)
Microsoft Office Send-a-Smile
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Single Image 2010 (Beta)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010 (Beta)
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 Policies
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 Query Tools English
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.10)
Mozilla Firefox (3.6.6)
Mozilla Firefox 4.0b6 (x86 en-US)
Mozilla Sunbird (0.9)
MSXML 6.0 Parser (KB933579)
Mumble and Murmur
My POS
MySQL Workbench 5.1 OSS
NetBeans IDE 6.8
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OGA Notifier 2.0.0048.0
OpenOffice.org 3.1
OpenRPG
Pandora
Pandora
PDF Settings CS5
Perpetuum
Pidgin
Portal
Python 2.5.4
Python 3.1.2
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Sid Meier's Civilization IV
Sid Meier's Civilization IV: Beyond the Sword
Sid Meier's Civilization V
Skype™ 4.2
Sorian AI Mod 2.1.1
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Steam
Supreme Commander - Forged Alliance
Synergy
System Requirements Lab
Team Fortress 2
TeamSpeak 2 RC2
TeraCopy 2.12
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Ventrilo Client
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 1.1.3
Windows 7 Upgrade Advisor
Windows Internet Explorer 8
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver
XChat 2 (remove only)
Xfire (remove only)
Zoosk Messenger
Zoosk Messenger
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am
Advertisement
Register to Remove

Re: Redirected searches

Unread postby Cypher » September 27th, 2010, 12:11 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!.
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read Backup Made Easy



Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    µTorrent

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

While you are in add/remove programs uninstall the following also.
Ask Toolbar
Java DB 10.5.3.0
Java(TM) 6 Update 18
Java(TM) SE Development Kit 6 Update 18

Next.

Fix HijackThis entries

Run HijackThis

  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.
    R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - (no file)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O3 - Toolbar: (no name) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - (no file)
    O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.

Next.

Security Check

  • Please download Security Check by screen317 from:
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.

Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 logs files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Next.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • * This can take a while. Please be patient *.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in you're next reply.
  • This log can be lengthy you may have to post it in separate replies.
  • Note: You may get the following warning - it is ok - just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"



Logs/Information to Post in your Next Reply

  • checkup.txt.
  • RSIT log.txt and info.txt contents.
  • RKUnHooker log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected searches

Unread postby greshick » September 27th, 2010, 8:46 pm

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Adobe Flash Player 10.1.85.3
Adobe Reader 9.3.2
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
````````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

``````````End of Log````````````
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Unread postby greshick » September 27th, 2010, 8:49 pm

Logfile of random's system information tool 1.08 (written by random/random)
Run by andrew at 2010-09-27 19:47:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (7%) free of 75 GB
Total RAM: 2046 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:48:33 PM, on 9/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\EVEMon\EVEMon.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EVE Metrics Uploader\TrayUploader.exe
C:\program files\steam\steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Pandora\Pandora.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 1\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 1\plugin-container.exe
Z:\Downloads\RSIT.exe
C:\Program Files\trend micro\andrew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/WiHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [EVEMon] "C:\Program Files\EVEMon\EVEMon.exe" -startMinimized
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EVEMetricsUploader] "C:\Program Files\EVE Metrics Uploader\TrayUploader.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Startup: hamachi-2-ui.exe
O4 - Startup: Pandora.lnk = C:\Program Files\Pandora\Pandora.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E251492-1D11-4270-8095-A9DACB15416B}: NameServer = 4.2.2.4,4.2.2.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8213 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-GRESHICK-andrew.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1390067357-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1390067357-839522115-1003UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
AOLSearchHook Class - C:\Program Files\AIM Search\AOLSearch.dll [2009-10-01 111976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2009-11-03 556432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23 2121728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-06-01 2039240]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EVEMon"=C:\Program Files\EVEMon\EVEMon.exe [2010-08-16 1594880]
"DisplayFusion"=C:\Program Files\DisplayFusion\DisplayFusion.exe [2009-10-14 631984]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"EVEMetricsUploader"=C:\Program Files\EVE Metrics Uploader\TrayUploader.exe [2009-07-23 165376]
"Steam"=c:\program files\steam\steam.exe [2010-08-13 1242448]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2009-09-27 83312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe [2010-07-18 1258496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-19 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\instanteyedropper]
C:\Program Files\InstantEyedropper\InstantEyedropper.exe [2007-10-17 352256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
Z:\iTunes\iTunesHelper.exe [2010-04-28 142120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OfficeSAS.lnk]
C:\PROGRA~1\MICROS~2\Office14\OFFICE~1\OFFICE~2.EXE [2009-09-26 202648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andrew^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-08-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andrew^Start Menu^Programs^Startup^Shortcut to sunbird.lnk]
C:\PROGRA~1\MOZILL~2\sunbird.exe [2008-09-18 6354540]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andrew^Start Menu^Programs^Startup^Xfire.lnk]
C:\PROGRA~1\Xfire\Xfire.exe [2010-07-09 3493776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andrew^Start Menu^Programs^Startup^ZooskMessenger.lnk]
C:\PROGRA~1\ZOOSKM~1\ZOOSKM~1.EXE [2010-09-03 142336]

C:\Documents and Settings\andrew\Start Menu\Programs\Startup
Digsby.lnk - C:\Program Files\Digsby\digsby.exe
hamachi-2-ui.exe
Pandora.lnk - C:\Program Files\Pandora\Pandora.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\CCP\EVE\bin\ExeFile.exe"="C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\Program Files\evetest\EVE\bin\ExeFile.exe"="C:\Program Files\evetest\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\Program Files\SecondLife\SLVoice.exe"="C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe"="C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"
"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"
"C:\Program Files\Synergy\synergys.exe"="C:\Program Files\Synergy\synergys.exe:*:Enabled:synergys"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\EVEMon\EVEMon.exe"="C:\Program Files\EVEMon\EVEMon.exe:*:Enabled:EVEMon"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\xchat\xchat.exe"="C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client"
"C:\Documents and Settings\andrew\My Documents\Downloads\eclipse\eclipsec.exe"="C:\Documents and Settings\andrew\My Documents\Downloads\eclipse\eclipsec.exe:*:Enabled:eclipsec"
"C:\Program Files\NetBeans 6.8as\bin\netbeans.exe"="C:\Program Files\NetBeans 6.8as\bin\netbeans.exe:*:Enabled:netbeans"
"C:\Program Files\HTC\Aces High II\aceshigh.exe"="C:\Program Files\HTC\Aces High II\aceshigh.exe:*:Enabled:aceshigh"
"C:\Documents and Settings\andrew\My Documents\Downloads\teamspeak3-server_win32\ts3server_win32.exe"="C:\Documents and Settings\andrew\My Documents\Downloads\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server"
"C:\Program Files\teamspeak3-server_win32\ts3server_win32.exe"="C:\Program Files\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server"
"C:\Documents and Settings\andrew\Local Settings\Application Data\Xenocode\Sandbox\2.2.3530.29059\2009.08.31T22.09\Native\STUBEXE\@PROGRAMFILES@\Microsoft Games\Allegiance\ALLEGIANCE.EXE"="C:\Documents and Settings\andrew\Local Settings\Application Data\Xenocode\Sandbox\2.2.3530.29059\2009.08.31T22.09\Native\STUBEXE\@PROGRAMFILES@\Microsoft Games\Allegiance\ALLEGIANCE.EXE:*:Enabled:ALLEGIANCE"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe"="C:\Program Files\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe:*:Enabled:Sid Meier's Civilization IV"
"C:\Program Files\Steam\steamapps\common\sid meier's civilization iv beyond the sword\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Steam\steamapps\common\sid meier's civilization iv beyond the sword\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 : Beyond The Sword"
"C:\Program Files\OPNET EDU\9.1.A\sys\pc_intel_win32\bin\itguru.exe"="C:\Program Files\OPNET EDU\9.1.A\sys\pc_intel_win32\bin\itguru.exe:*:Enabled:OPNET 9.1.A"
"C:\Documents and Settings\andrew\My Documents\Downloads\eclipse\eclipse.exe"="C:\Documents and Settings\andrew\My Documents\Downloads\eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Program Files\Talkative IRC\Talkative IRC.exe"="C:\Program Files\Talkative IRC\Talkative IRC.exe:*:Enabled:Talkative IRC"
"C:\Program Files\Heroes of Newerth\hon.exe"="C:\Program Files\Heroes of Newerth\hon.exe:*:Enabled:Heroes of Newerth"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\StarCraft II Beta\StarCraft II.exe"="C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"Z:\StarCraft II Beta\StarCraft II.exe"="Z:\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"Z:\StarCraft II Beta\Versions\Base15133\SC2.exe"="Z:\StarCraft II Beta\Versions\Base15133\SC2.exe:*:Enabled:StarCraft II"
"Z:\StarCraft II Beta\Versions\Base15250\SC2.exe"="Z:\StarCraft II Beta\Versions\Base15250\SC2.exe:*:Enabled:StarCraft II"
"Z:\adobe\Adobe Flash Builder 4\FlashBuilder.exe"="Z:\adobe\Adobe Flash Builder 4\FlashBuilder.exe:*:Enabled:FlashBuilder"
"Z:\iTunes\iTunes.exe"="Z:\iTunes\iTunes.exe:*:Enabled:iTunes"
"Z:\evetest\bin\ExeFile.exe"="Z:\evetest\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\WINDOWS\Temp\~os12.tmp\rlvknlg.exe"="C:\WINDOWS\Temp\~os12.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\Program Files\RelevantKnowledge\rlvknlg.exe"="C:\Program Files\RelevantKnowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"Z:\LiveZilla\LiveZilla Server Admin.exe"="Z:\LiveZilla\LiveZilla Server Admin.exe:*:Enabled:LiveZilla Server Admin"
"Z:\xampp\mysql\bin\mysqld.exe"="Z:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server"
"Z:\xampp\FileZillaFTP\FileZilla Server.exe"="Z:\xampp\FileZillaFTP\FileZilla Server.exe:*:Enabled:FileZilla Server"
"C:\Riot Games\League of Legends\air\LolClient.exe"="C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Riot Games\League of Legends\game\League of Legends.exe"="C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe"="C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"
"C:\Program Files\Digsby\lib\digsby-app.exe"="C:\Program Files\Digsby\lib\digsby-app.exe:*:Enabled:Digsby"
"C:\Program Files\Mozilla Firefox 4.0 Beta 1\firefox.exe"="C:\Program Files\Mozilla Firefox 4.0 Beta 1\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\andrew\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\andrew\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Steam\steamapps\greshick\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\greshick\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Steam\steamapps\common\sid meier's civilization v\Launcher.exe"="C:\Program Files\Steam\steamapps\common\sid meier's civilization v\Launcher.exe:*:Enabled:Sid Meier's Civilization V"
"C:\Program Files\Steam\steamapps\common\sid meier's civilization v\CivilizationV.exe"="C:\Program Files\Steam\steamapps\common\sid meier's civilization v\CivilizationV.exe:*:Enabled:Sid Meier's Civilization V"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-09-27 19:47:45 ----D---- C:\rsit
2010-09-26 00:49:56 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-26 00:35:36 ----A---- C:\WINDOWS\OEWABLog.txt
2010-09-25 09:30:22 ----D---- C:\Program Files\Trend Micro
2010-09-22 21:49:51 ----D---- C:\Python25
2010-09-22 20:56:28 ----D---- C:\Program Files\OpenRPG
2010-09-08 23:49:00 ----A---- C:\WINDOWS\system32\drivers\cpuz134_x32.sys
2010-09-08 23:48:59 ----D---- C:\Program Files\CPUID
2010-09-06 10:15:54 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-09-03 17:49:37 ----D---- C:\Documents and Settings\andrew\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
2010-09-03 17:49:23 ----D---- C:\Program Files\ZooskMessenger

======List of files/folders modified in the last 1 months======

2010-09-27 19:45:15 ----D---- C:\WINDOWS\Temp
2010-09-27 19:40:10 ----D---- C:\Documents and Settings\andrew\Application Data\Skype
2010-09-27 19:39:03 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-27 19:38:56 ----D---- C:\Documents and Settings\andrew\Application Data\skypePM
2010-09-27 19:38:43 ----D---- C:\Program Files\Steam
2010-09-27 19:37:47 ----D---- C:\WINDOWS\system32\Lang
2010-09-27 19:35:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-27 19:31:33 ----SHD---- C:\WINDOWS\Installer
2010-09-27 19:31:33 ----SHD---- C:\Config.Msi
2010-09-27 19:31:06 ----D---- C:\Program Files\Java
2010-09-27 19:28:25 ----D---- C:\Program Files\Common Files
2010-09-27 19:27:55 ----D---- C:\WINDOWS\system32
2010-09-27 19:26:32 ----RD---- C:\Program Files
2010-09-27 19:26:03 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-09-27 19:07:00 ----D---- C:\WINDOWS\system32\drivers
2010-09-27 17:39:50 ----D---- C:\WINDOWS\system32\NtmsData
2010-09-27 16:19:03 ----D---- C:\WINDOWS\Prefetch
2010-09-27 16:17:49 ----D---- C:\WINDOWS\repair
2010-09-27 16:17:33 ----D---- C:\WINDOWS\Registration
2010-09-26 01:20:45 ----D---- C:\WINDOWS\security
2010-09-26 00:49:56 ----D---- C:\WINDOWS
2010-09-26 00:35:15 ----D---- C:\Documents and Settings
2010-09-25 17:29:32 ----D---- C:\Documents and Settings\All Users\Application Data\CCP
2010-09-25 15:55:23 ----D---- C:\Documents and Settings\andrew\Application Data\DisplayFusion
2010-09-23 17:17:19 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 1
2010-09-21 18:26:06 ----D---- C:\WINDOWS\system32\DirectX
2010-09-21 18:26:04 ----HD---- C:\WINDOWS\inf
2010-09-21 18:24:49 ----RSD---- C:\WINDOWS\assembly
2010-09-21 18:23:31 ----D---- C:\WINDOWS\WinSxS
2010-09-12 22:44:05 ----D---- C:\Documents and Settings\andrew\Application Data\Mozilla
2010-09-12 07:34:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$
2010-09-11 16:58:24 ----D---- C:\Program Files\Mozilla Firefox
2010-09-10 20:33:54 ----D---- C:\Documents and Settings\andrew\Application Data\Mumble
2010-09-06 10:29:43 ----D---- C:\Documents and Settings\andrew\Application Data\TeraCopy
2010-09-04 08:52:02 ----D---- C:\WINDOWS\pss
2010-09-02 08:45:17 ----D---- C:\Program Files\Digsby
2010-09-01 07:42:10 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-08-31 15:49:41 ----D---- C:\Program Files\Full Tilt Poker
2010-08-30 22:18:42 ----D---- C:\Documents and Settings\andrew\Application Data\.purple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2010-06-01 87824]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-30 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-06-04 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-06-01 25240]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 cpuz134;cpuz134; \??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys []
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM; C:\WINDOWS\system32\drivers\Envy24HF.sys [2007-11-30 651712]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-07-28 143360]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 a2sq61zb;a2sq61zb; C:\WINDOWS\system32\drivers\a2sq61zb.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-16 41472]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-06-01 1778480]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-08-15 40999448]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FileZilla Server;FileZilla Server FTP server; C:\Program Files\FileZilla Server\FileZilla Server.exe [2010-07-18 740864]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-08-15 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-08-15 369688]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Unread postby Cypher » September 28th, 2010, 6:03 am

Hi greshick.
Did you run RKUnHooker? post the log from the scan in you're next reply.

Next.

Please post a new Uninstall list.

  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.

Next.

Upload File/Files for testing

Please go to Virustotal or jotti.org

Copy/paste this file and path into the white box at the top:
C:\WINDOWS\system32\drivers\a2sq61zb.sys

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.


Logs/Information to Post in your Next Reply

  • RKUnHooker log.
  • Uninstall list.
  • Virustotal or jotti results.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected searches

Unread postby greshick » September 28th, 2010, 7:39 am

My computer is a little faster, but problem remains so far. The unhooker is still running so I will post ofter work.
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Unread postby Cypher » September 28th, 2010, 7:43 am

No problem.
Post all of the requested logs when ready.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected searches

Unread postby greshick » September 28th, 2010, 10:54 pm

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #4
==============================================
>Drivers
==============================================
0xB6C3E000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10604544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 258.96 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6344704 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 258.96 )
0xB3731000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4083712 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB7EB4000 PCI_PNP0362 995328 bytes
0xB7EB4000 sptd 995328 bytes
0xB7EB4000 spxk.sys 995328 bytes
0xB6B1B000 C:\WINDOWS\system32\drivers\Envy24HF.sys 655360 bytes (VIA - IC Ensemble, Inc., Envy24 Family Audio Controller WDM)
0xB7D2A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB3514000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB67BE000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB361F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB1F28000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB1662000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB6874000 C:\WINDOWS\System32\Drivers\a2sq61zb.SYS 233472 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB36D3000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 221184 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0xB681C000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7E6E000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB1FF7000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7CE9000 C:\WINDOWS\System32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAF336000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB3584000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB6C02000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB35D1000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB7E18000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB35F9000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB6AF7000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB6BBB000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB6AD4000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB15EF000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xB6BDF000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 143360 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xB35AF000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB34F3000 C:\WINDOWS\System32\Drivers\aswSP.SYS 135168 bytes (ALWIL Software, avast! self protection module)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7DE0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7E3E000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB34AD000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xB7CCF000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7E00000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB7E9C000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB7DB7000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB685D000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB21B4000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 90112 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)
0xB1ADB000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB7D16000 inspect.sys 81920 bytes (COMODO, COMODO Internet Security Firewall Driver)
0xB68AD000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB6C2A000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB3678000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7DCE000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7E5D000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB684C000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB8228000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB8308000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB82D8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB8168000 C:\WINDOWS\system32\DRIVERS\AmdLLD.sys 61440 bytes (AMD, Inc., AMD Low Level Device Driver)
0xB82C8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB8318000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB1C30000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB8198000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB82E8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB8118000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB8138000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB81F8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB82F8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB8128000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB81C8000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB8178000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB8158000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB80D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB82B8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB8148000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB81E8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAF381000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB81D8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB339D000 C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys 32768 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0xB83C0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB8410000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB8420000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB8428000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB83C8000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xB83A0000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB8440000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB8438000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB8430000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB8460000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xB8418000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB83B0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB8408000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 20480 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xB8400000 C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 20480 bytes (COMODO, COMODO Internet Security Helper Driver)
0xB8398000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB8358000 C:\WINDOWS\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0xB83B8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB84A8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB84B0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xB8338000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB8448000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB17B3000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 16384 bytes (ALWIL Software, avast! TDI RDR Driver)
0xB2160000 C:\WINDOWS\system32\drivers\cpuz134_x32.sys 16384 bytes (Windows (R) Win 7 DDK provider, CPUID Driver)
0xB767B000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB234E000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB7C87000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB36A7000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB7C6F000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB7C9F000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB8600000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB85FE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB8602000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB866E000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xB8604000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB85F4000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB85F8000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB87CD000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB870A000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB87A6000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8AA1E1F8 unknown_irp_handler 3592 bytes
0x8A7191F8 unknown_irp_handler 3592 bytes
0x8A7C61F8 unknown_irp_handler 3592 bytes
0x8AA931F8 unknown_irp_handler 3592 bytes
0x8A8341F8 unknown_irp_handler 3592 bytes
0x8AA201F8 unknown_irp_handler 3592 bytes
0x89E381F8 unknown_irp_handler 3592 bytes
0x8A8131F8 unknown_irp_handler 3592 bytes
0x89E61500 unknown_irp_handler 2816 bytes
0x89E34500 unknown_irp_handler 2816 bytes
0x89E1D500 unknown_irp_handler 2816 bytes
!!!!!!!!!!!Hidden driver: 0x89CC1AEA ?_empty_? 1302 bytes
0x89CC1EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x8A8735F0 ?_empty_? 0 bytes
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Unread postby greshick » September 28th, 2010, 10:56 pm

==============================================
>Stealth
==============================================
0xB7E00000 WARNING: suspicious driver modification [atapi.sys::0x89CC1AEA]
0x01300000 Hidden Image-->EVEMon.WindowsApi.dll [ EPROCESS 0x8A8E2B90 ] PID: 224, 28672 bytes
0x05DF0000 Hidden Image-->EVEMon.LogitechG15.dll [ EPROCESS 0x8A8E2B90 ] PID: 224, 45056 bytes
0x03E50000 Hidden Image-->CRUDE.dll [ EPROCESS 0x89B062C8 ] PID: 1336, 53248 bytes
0x03C00000 Hidden Image-->EVEMon.Common.XmlSerializers.dll [ EPROCESS 0x8A8E2B90 ] PID: 224, 585728 bytes
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
0x01330000 Hidden Image-->EVEMon.Common.dll [ EPROCESS 0x8A8E2B90 ] PID: 224, 774144 bytes
0x012A0000 Hidden Image-->LinqBridge.dll [ EPROCESS 0x8A8E2B90 ] PID: 224, 86016 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\andrew\Application Data\Macromedia\Flash Player\#SharedObjects\2HBFFNTM\cdn.eyewonder.com\100125\764675\1344590\ESPN_MNF_RichAd_TuneIn_300x250.swf\ESPN_MNF.sol
!-->[Hidden] C:\Documents and Settings\andrew\Application Data\Macromedia\Flash Player\#SharedObjects\2HBFFNTM\cdn1.ustream.tv\com.quantserve.sol
!-->[Hidden] C:\Documents and Settings\andrew\Application Data\Macromedia\Flash Player\#SharedObjects\2HBFFNTM\static.espn.go.com\ivp\no_hbx03.swf\affiliate.sol
!-->[Hidden] C:\Documents and Settings\andrew\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#assets.espn.go.com\settings.sol
!-->[Hidden] C:\Documents and Settings\andrew\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.eyewonder.com\settings.sol
!-->[Hidden] C:\Documents and Settings\andrew\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.boxlive.tv\settings.sol
!-->[Hidden] C:\Documents and Settings\andrew\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.espn.go.com\settings.sol
!-->[Hidden] C:\Documents and Settings\andrew\Application Data\TS3Client\logs\ts3client_2010-09-27__20_20_06.031250.log
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\0045C8B9d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\0211A87Dd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\024B0F66d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\0263907Cd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\03228659d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\0370EB42d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\03C93806d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\03E16CFCd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\09BA40F0d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\0A30A281d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\0A38BCDEd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\0A5CB67Ed01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\0B2572D0d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\0CE46666d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\0D129076d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\0DAB77BDd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\0EA5293Ad01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\119ECEF7d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\124A5788d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\12A8AAF5d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\1427839Ed01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\171694BEd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\17B67B2Bd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\19958F51d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\19DBED18d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\19F64A22d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\1B665BC2d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\1BD738CCd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\1DBB8261d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\1DE36B51d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\1DE3F510d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\1ED4F728d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\1F48FF79d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\1F6B3168d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\2017F0DEd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\2205BDC5d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\22BE657Cd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\237155A7d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\240971F5d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\245AD0C8d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\24B18554d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\25F8DF1Cd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\2666D53Dd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\267501B6d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\26E5F9D8d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\26EAD4C8d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\29E56B6Fd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\2B1E4823d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\2CCE9783d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\2E1CABA9d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\2E34CA44d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\2F80027Bd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\30DB4A38d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\31A28CCAd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\338B3647d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\33C88AA5d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\360E7B9Ed01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\36CEBF9Cd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\3740A122d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\3741BB68d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\379476D9d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\3912D984d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\3AD22CBAd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\3B97DD8Bd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\3DAC86B7d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\3E5F2A08d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\3EDF4045d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\3F08AD09d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\3F14E685d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\412CF92Ad01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\4160C424d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\4217654Fd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\43CE3976d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\4502B0D1d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\451E18EFd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\45DF9923d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\46478059d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\49BC02E8d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\4B78551Cd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\4BB37585d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\4BDD2925d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\4C141C2Dd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\4C793E1Cd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\4CB030CDd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\4D00DDF0d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\4F4B8A77d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\4F8948B4d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\50DD4D6Bd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\5301E80Dd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\53D64222d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\5441FB4Ad01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\54CEF6AEd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\55F4E41Ed01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\5668462Cd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\56EF07A8d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\577E2473d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\57A9D0B7d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\5807459Ed01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\59AA68AAd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\5A6DB545d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\5B8B8B18d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\5E65424Ad01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\6090B75Cd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\60B7987Fd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\6468A73Ed01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\65898613d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\67471A0Cd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\67653054d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\67ED7D6Ed01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\68C4A992d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\68F67E85d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\6944597Dd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\69851B40d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\6A5279E1d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\6BA8D8C8d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\6C2F6A60d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\6CAFCF78d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\6F6CD683d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\70E98F51d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\734641D8d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\74131C17d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\753B7061d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\7651FDF9d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\7761B62Ed01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\77AA9468d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\789B2667d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\790DC115d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\7A556EF4d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\7AC780ACd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\7D584306d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\7E952F01d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\7EF56E45d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\7F2CC97Ad01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\7F780705d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\7FE9126Cd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\8235F698d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\823F6F83d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\84B1387Ad01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\84BFAD4Fd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\84D2DAF9d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\85414019d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\887C8BFCd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\88D05E29d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\8B2B0147d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\8EA64CD8d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\91C819E2d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\933B4BF5d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\94119583d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\9516A62Dd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\95219432d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\95B0F514d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\961C4135d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\962C587Ed01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\96400DBCd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\96D68506d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\96DA1452d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\995B19E8d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\9A9F0638d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\9B5DF313d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\9BB9E28Ad01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\9C591958d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\9C877712d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\9E1641F2d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\9E6CA9E2d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\A0A10457d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\A0E06166d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\A19FAD52d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\A26A7DC6d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\A2A0669Bd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\A2F23F20d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\A31D7658d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\A39CFF7Ad01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\A3C58A57d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\A406BF17d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\A40ED980d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\A4200DAAd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\A69C2A04d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\A6BF45CCd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\A716BF55d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\A75012FBd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\AB0769A1d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\AB6B3B0Fd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\AB892FF9d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\AD75F9DAd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\ADE740E4d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\AE8C799Fd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\AEFF470Fd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\AF883341d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\B0786C8Cd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\B29D1B4Ad01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\B2D32BDDd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\B32F9F06d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\B3E9DFCDd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\B7C2C7C8d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\B8DDBA9Ed01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\B8E93591d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\B8F67F6Ed01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\BBE76EDBd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\BD16B649d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\BE8BF6B6d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\BEFE9ADAd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\BFC68FF8d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\C06B6A9Dd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\C16848C4d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\C279E167d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\C2DEE850d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\C38DF2DBd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\C43D4676d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\C54D24C7d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\C7ED319Cd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\CA715635d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\CAB3DA3Cd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\CC19600Ad01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\CD4FF089d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\CE06D4F5d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\CE6E2E3Ad01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\CF4E04C5d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\CFD15B9Ad01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\D12B4083d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\D1355F7Ad01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\D20A1446d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\D3EA8342d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\D46E89A8d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\D526E65Fd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\D6FB45C5d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\D7CDB479d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\D7D28209d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\D9330583d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\DA1E6BDEd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\DB3B3EA3d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\DB8317B7d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\DBD925DAd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\DBF5E41Dd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\DD0AE40Bd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\E1E7EA45d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\E3DE957Bd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\E4AFEB8Dd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\E4C77589d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\E6F3D288d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\E739866Cd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\E776AC4Cd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\E876AF80d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\E8BAE15Cd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\EB131810d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\EC5EDD69d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\ED666544d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\EEC5DBFBd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\F2A4C4C0d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\F302C3D7d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\F3496B13d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\F4180EE7d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\F681EFB4d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\F7252E05d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\F79E118Cd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\F7AEAE96d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\F8776815d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\F9456849d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\F948603Fd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\F981C8E1d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\FA93CFFAd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\FB103B23d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\FD1E7FFDd01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\FDAEEEA0d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwxbct1c.default\Cache\FDF41B94d01
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temporary Internet Files\Content.IE5\QDFAMJ6M\tier2_042010;net=cm;u=,cm-41954500_1285539229,11b73db51301e0a,Miscellaneous,;;dc=d;cmw=owl;env=ifr;ord1=262791;sz=160x600;contx=Miscellaneous;btg=;ord=547437987[1]f
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;cfp=1;rndc=125996456;noperf=1;alias=93302169;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_b[1].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[1].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[1]].htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[2].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[2].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[3].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[3].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[4].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[4].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[5].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[5]].htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[6].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[7].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[8].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[9].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[10]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[11]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[12]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[13]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[14]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[15]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[16]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[17]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[18]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[19]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[1]]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[20]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[2]]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[5]]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[6].htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[7].htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[8].htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\4BYNET0B\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[9]]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\89STCDWX\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[10]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\89STCDWX\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[11]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\89STCDWX\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[12]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\89STCDWX\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[13]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\89STCDWX\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[14]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\89STCDWX\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[15]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\89STCDWX\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[16]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\89STCDWX\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[17]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\89STCDWX\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[18]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\89STCDWX\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[1]]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\89STCDWX\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[2]]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\89STCDWX\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[5]]htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\89STCDWX\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[7].htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\89STCDWX\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[8].htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\89STCDWX\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[9].htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\I12LM5OP\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[1].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\I12LM5OP\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[1]].htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\I12LM5OP\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[2].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\I12LM5OP\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[2].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\I12LM5OP\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[3].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\I12LM5OP\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[3].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\I12LM5OP\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[4].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\I12LM5OP\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[4].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\I12LM5OP\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[5].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\I12LM5OP\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[5]].htm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\I12LM5OP\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[6].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\I12LM5OP\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[7].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\I12LM5OP\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[8].htmm
!-->[Hidden] C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\I12LM5OP\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[9].htmm
!-->[Hidden] C:\Documents and Settings\andrew\My Documents\log i need to post.txt
!-->[Hidden] C:\Documents and Settings\andrew\Recent\log i need to post.lnk
!-->[Hidden] C:\Documents and Settings\LocalService\Cookies\system@1se[2].txt
!-->[Hidden] C:\Documents and Settings\LocalService\Cookies\system@66.230.188[1].txt
!-->[Hidden] C:\Documents and Settings\LocalService\Cookies\system@addthis[2].txt
!-->[Hidden] C:\Documents and Settings\LocalService\Cookies\system@cdn.jemamedia[1].txt
!-->[Hidden] C:\Documents and Settings\LocalService\Cookies\system@doubleclick[5].txt
!-->[Hidden] C:\Documents and Settings\LocalService\Cookies\system@nerve[1].txt
!-->[Hidden] C:\Documents and Settings\LocalService\Cookies\system@opt.fimserve[2].txt
!-->[Hidden] C:\Documents and Settings\LocalService\Cookies\system@questionmarket[1].txt
!-->[Hidden] C:\Documents and Settings\LocalService\Cookies\system@whowhere[1].txt
!-->[Hidden] C:\Documents and Settings\LocalService\Cookies\system@yellowpages.whowhere[2].txt
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3ZF9CAAY\blank[4].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3ZF9CAAY\blank[5].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3ZF9CAAY\blank[6].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3ZF9CAAY\crossdomain[1].xml
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3ZF9CAAY\imp[1]
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3ZF9CAAY\rm[1].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3ZF9CAAY\rm[2].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3ZF9CAAY\rm[3].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3ZF9CAAY\st[1].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3ZF9CAAY\st[2].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3ZF9CAAY\yume_ad_library_3[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9X90ADH8\0%3B~sscs%3D%3f;impactTrack=;cb=7350967[1].htm
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9X90ADH8\23154-3[1].js
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9X90ADH8\activity[1].php
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9X90ADH8\blank[1].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9X90ADH8\blank[4].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9X90ADH8\comp[1].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9X90ADH8\decide[1].php
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9X90ADH8\like[1].php
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9X90ADH8\pixel[1].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9X90ADH8\pixel[2].swf
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9X90ADH8\rm[1].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9X90ADH8\rm[2].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9X90ADH8\rm[3].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9X90ADH8\rm[4].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9X90ADH8\st[1].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9X90ADH8\st[2].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9X90ADH8\st[3].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0T2857J\afe_specificclick_net[2].htm
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0T2857J\afe_specificclick_net[3].htm
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0T2857J\blank[6].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0T2857J\blank[7].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0T2857J\crossdomain[1].xml
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0T2857J\decide[1].php
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0T2857J\dref=http%253A%252F%252Fcdn.cinesport.com%252Fcontainer[1].html%253Fid%253Dsportingnewsnfl%2526w%253D300%2526h%253D500
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0T2857J\dref=http%253A%252F%252Fcdn.cinesport.com%252Fcontainer[2].html%253Fid%253Dsportingnewsnfl%2526w%253D300%2526h%253D500
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0T2857J\empty[1].htm
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0T2857J\iframe3[1].htm
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0T2857J\mgif[1].html
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0T2857J\rm[1].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0T2857J\rue;playlistsafe=true;rand=29844;sessionstart=landingpage;safefilter=off;playlistpos=0;page=category;playlisteverythree=false;playtimes=0;pid=10;;~cs=h[1].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0T2857J\st[1].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0T2857J\st[2].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0T2857J\st[3].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0T2857J\xd_proxy[1].php
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQM6VVQU\23154-3[1].js
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQM6VVQU\blank[6].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQM6VVQU\comp[1].gif
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQM6VVQU\demconf[1].jpg
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQM6VVQU\proxy[1].htm
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQM6VVQU\st[1]
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQM6VVQU\st[1].gif
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121733.old
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121734.ini
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121735.ini
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121736.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121737.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121738.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121739.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121740.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121741.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121742.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121743.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121744.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121745.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121746.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121747.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121748.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121749.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121750.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121751.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121752.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121753.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121754.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121755.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121756.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121757.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121758.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121759.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121760.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121761.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121762.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121763.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121764.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121765.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121766.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121767.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121768.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121769.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121770.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121771.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121772.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121773.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121774.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121775.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121776.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121777.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121778.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121779.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121780.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121781.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121782.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121783.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121784.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121785.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121786.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121787.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121788.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121789.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121790.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121791.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121792.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121793.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121794.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121795.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121796.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121797.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121798.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121799.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121800.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121801.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121802.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121803.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121804.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121805.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121806.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121807.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121808.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121809.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121810.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121811.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121812.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121813.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121814.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121815.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121816.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121817.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121818.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121819.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121820.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121821.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121822.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121823.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121824.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121825.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121826.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121827.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121828.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121829.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121830.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121831.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121832.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121833.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121834.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121835.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121836.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121837.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121838.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121839.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121840.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121841.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121842.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121843.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121844.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121845.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121846.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121847.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121848.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121849.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121850.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121851.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121852.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121853.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121854.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121855.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121856.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121857.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121858.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121859.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121860.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121861.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121862.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121863.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121864.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121865.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121866.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121867.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121868.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121869.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121870.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121871.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121872.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121873.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121874.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121875.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121876.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121877.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121878.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121879.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121880.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121881.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121882.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121883.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121884.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121885.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121886.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121887.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121888.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121889.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121890.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121891.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121892.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121893.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121894.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121895.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121896.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121897.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121898.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121899.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121900.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121901.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121902.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121903.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121904.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121905.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121906.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121907.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121908.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121909.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121910.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121911.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121912.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121913.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121914.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121915.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121916.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121917.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121918.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121919.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121920.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121921.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121922.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121923.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121924.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121925.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121926.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121927.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121928.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121929.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121930.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121931.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121932.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121933.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121934.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121935.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121936.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121937.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121938.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121939.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121940.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121941.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121942.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121943.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121944.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121945.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121946.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121947.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121948.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121949.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121950.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121951.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121952.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121953.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121954.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121955.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121956.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121957.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121958.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121959.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121960.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121961.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121962.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121963.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121964.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121965.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121966.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121967.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121968.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121969.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121970.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121971.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121972.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121973.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121974.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121975.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121976.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121977.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121978.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121979.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121980.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121981.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121982.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121983.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121984.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121985.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121986.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121987.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121988.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121989.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121990.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121991.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121992.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121993.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121994.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121995.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121996.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121997.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121998.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0121999.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122000.ico
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Unread postby greshick » September 28th, 2010, 10:58 pm

!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122001.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122002.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122003.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122004.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122005.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122006.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122007.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122008.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122009.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122010.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122011.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122012.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122013.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122014.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122015.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122016.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122017.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122018.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122019.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122020.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122021.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122022.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122023.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122024.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122025.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122026.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122027.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122028.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122029.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122030.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122031.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122032.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122033.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122034.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122035.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122036.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122037.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122038.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122039.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122040.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122041.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122042.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122043.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122044.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122045.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122046.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122047.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122048.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122049.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122050.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122051.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122052.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122053.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122054.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122055.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122056.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122057.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122058.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122059.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122060.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122061.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122062.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122063.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122064.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122065.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122066.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122067.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122068.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122069.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122070.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122071.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122072.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122073.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122074.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122075.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122076.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122077.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122078.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122079.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122080.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122081.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122082.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122083.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122084.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122085.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122086.ico
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122087.manifest
!-->[Hidden] C:\System Volume Information\_restore{77BCCED0-9FD1-400F-B8DD-B6807E0493BA}\RP471\A0122088.ini
!-->[Hidden] C:\WINDOWS\Temp\fla234.tmp
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D510, Type: Inline - RelativeJump 0x80504510-->805044CB [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D590, Type: Inline - RelativeCall 0x80504590-->BCD2F902 [unknown_code_page]
ntkrnlpa.exe+0x0002D78C, Type: Inline - RelativeJump 0x8050478C-->80504786 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D868, Type: Inline - RelativeJump 0x80504868-->8050483E [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECAE, Type: Inline - RelativeJump 0x80545CAE-->80545CB5 [ntkrnlpa.exe]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xB365E428-->B7D176E0 [inspect.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xB365E454-->B7D177B0 [inspect.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xB365E460-->B7D17740 [inspect.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xB81DDB4C-->B7D176E0 [inspect.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xB81DDB1C-->B7D17780 [inspect.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xB81DDB3C-->B7D177B0 [inspect.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xB81DDB28-->B7D17740 [inspect.sys]
[1036]firefox.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1036]firefox.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1036]firefox.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1036]firefox.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1036]firefox.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1036]firefox.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1036]firefox.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1036]firefox.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1036]firefox.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1036]firefox.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1036]firefox.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1036]firefox.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1036]firefox.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1036]firefox.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1036]firefox.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1036]firefox.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1036]firefox.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1036]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1036]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[1036]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[1036]firefox.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1036]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1036]firefox.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1036]firefox.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1036]firefox.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1036]firefox.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1036]firefox.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1036]firefox.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1036]firefox.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1036]firefox.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1036]firefox.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1036]firefox.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1036]firefox.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1036]firefox.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1036]firefox.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1036]firefox.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1036]firefox.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1036]firefox.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1036]firefox.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1036]firefox.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1036]firefox.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1036]firefox.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1064]nvsvc32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1064]nvsvc32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1064]nvsvc32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1064]nvsvc32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1064]nvsvc32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1064]nvsvc32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1064]nvsvc32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1064]nvsvc32.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1064]nvsvc32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1064]nvsvc32.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1064]nvsvc32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1064]nvsvc32.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[1064]nvsvc32.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[1132]ctfmon.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1132]ctfmon.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1132]ctfmon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1132]ctfmon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1132]ctfmon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1132]ctfmon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1132]ctfmon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1132]ctfmon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1132]ctfmon.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1132]ctfmon.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1132]ctfmon.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1132]ctfmon.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1132]ctfmon.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1132]ctfmon.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1132]ctfmon.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1132]ctfmon.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1132]ctfmon.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1132]ctfmon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1132]ctfmon.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1132]ctfmon.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1132]ctfmon.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1132]ctfmon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1132]ctfmon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1132]ctfmon.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1132]ctfmon.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1132]ctfmon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1132]ctfmon.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1132]ctfmon.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1132]ctfmon.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1132]ctfmon.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1132]ctfmon.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1132]ctfmon.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1132]ctfmon.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1132]ctfmon.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1132]ctfmon.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1132]ctfmon.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1132]ctfmon.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1132]ctfmon.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1132]ctfmon.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1132]ctfmon.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1132]ctfmon.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1132]ctfmon.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1132]ctfmon.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[1132]ctfmon.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[1144]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1144]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1144]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1144]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1144]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1144]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1144]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1144]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1144]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1144]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1144]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1144]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1144]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1144]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1144]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1144]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1144]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1144]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1144]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1144]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1144]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1144]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1144]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1144]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1144]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1144]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1144]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1144]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1144]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1144]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1144]svchost.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[1144]svchost.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[1156]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1156]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1156]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1156]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1156]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1156]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1156]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1156]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1156]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1156]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1156]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1156]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1156]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1156]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1156]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1156]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1156]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1156]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1156]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1156]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1156]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1156]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1156]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1156]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1156]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1156]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1156]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1156]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1156]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1156]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1156]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1156]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1156]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1156]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1156]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1156]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1156]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1156]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1156]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1156]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1156]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1156]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1156]svchost.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[1156]svchost.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[1232]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1232]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1232]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1232]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1232]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1232]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1232]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1232]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1232]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1232]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1232]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1232]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1232]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1232]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1232]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1232]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1232]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1232]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1232]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Unread postby greshick » September 28th, 2010, 10:59 pm

[1232]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1232]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1232]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1232]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1232]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1232]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1232]svchost.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[1232]svchost.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1312]hamachi-2.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1312]hamachi-2.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1312]hamachi-2.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1312]hamachi-2.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1312]hamachi-2.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1312]hamachi-2.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1312]hamachi-2.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1312]hamachi-2.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1312]hamachi-2.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1312]hamachi-2.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1312]hamachi-2.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1312]hamachi-2.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[1312]hamachi-2.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[1312]hamachi-2.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[1332]Skype.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1332]Skype.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1332]Skype.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1332]Skype.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1332]Skype.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1332]Skype.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1332]Skype.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1332]Skype.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1332]Skype.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1332]Skype.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1332]Skype.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1332]Skype.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1332]Skype.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1332]Skype.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1332]Skype.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1332]Skype.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1332]Skype.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1332]Skype.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1332]Skype.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1332]Skype.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[1332]Skype.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[1332]Skype.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1332]Skype.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1332]Skype.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1332]Skype.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1332]Skype.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1332]Skype.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1332]Skype.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1332]Skype.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[1332]Skype.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[1332]Skype.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[1332]Skype.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[1332]Skype.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[1332]Skype.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[1336]TrayUploader.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1336]TrayUploader.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1336]TrayUploader.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1336]TrayUploader.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1336]TrayUploader.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1336]TrayUploader.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1336]TrayUploader.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1336]TrayUploader.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1336]TrayUploader.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1336]TrayUploader.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1336]TrayUploader.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1336]TrayUploader.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1336]TrayUploader.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[1336]TrayUploader.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1396]GoogleCrashHandler.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1396]GoogleCrashHandler.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1396]GoogleCrashHandler.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1396]GoogleCrashHandler.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1396]GoogleCrashHandler.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1396]GoogleCrashHandler.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1396]GoogleCrashHandler.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[1396]GoogleCrashHandler.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[1428]Steam.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1428]Steam.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1428]Steam.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1428]Steam.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1428]Steam.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1428]Steam.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1428]Steam.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1428]Steam.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1428]Steam.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1428]Steam.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1428]Steam.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1428]Steam.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1428]Steam.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1428]Steam.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1428]Steam.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1428]Steam.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1428]Steam.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1428]Steam.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1428]Steam.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1428]Steam.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1428]Steam.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1428]Steam.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1428]Steam.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1428]Steam.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1428]Steam.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1428]Steam.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1428]Steam.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1428]Steam.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1428]Steam.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1428]Steam.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1428]Steam.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1428]Steam.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1428]Steam.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1428]Steam.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1428]Steam.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1428]Steam.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1428]Steam.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1428]Steam.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1428]Steam.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1428]Steam.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1428]Steam.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1428]Steam.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1428]Steam.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[1428]Steam.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[1428]Steam.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[1428]Steam.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[1428]Steam.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[1428]Steam.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[1504]skypePM.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1504]skypePM.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1504]skypePM.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1504]skypePM.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1504]skypePM.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1504]skypePM.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1504]skypePM.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1504]skypePM.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1504]skypePM.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1504]skypePM.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1504]skypePM.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1504]skypePM.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1504]skypePM.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1504]skypePM.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1504]skypePM.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1504]skypePM.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1504]skypePM.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1504]skypePM.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1504]skypePM.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1504]skypePM.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1504]skypePM.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1504]skypePM.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1504]skypePM.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1504]skypePM.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1504]skypePM.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1504]skypePM.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1504]skypePM.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1504]skypePM.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1504]skypePM.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1504]skypePM.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1504]skypePM.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1504]skypePM.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1504]skypePM.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1504]skypePM.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1504]skypePM.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1504]skypePM.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1504]skypePM.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1504]skypePM.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1504]skypePM.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[1504]skypePM.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[152]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[152]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[152]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[152]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[152]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[152]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[152]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[152]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[152]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[152]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[152]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[152]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[152]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[152]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[152]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[152]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[152]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[152]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[152]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[152]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[152]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[152]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[152]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[152]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[152]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[152]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[152]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[152]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[152]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[152]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[152]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[152]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[152]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[152]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[152]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[152]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[152]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[152]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[152]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[152]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[152]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[152]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[152]svchost.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[152]svchost.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[1556]sqlservr.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1556]sqlservr.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1556]sqlservr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1556]sqlservr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1556]sqlservr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1556]sqlservr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1556]sqlservr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1556]sqlservr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1556]sqlservr.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1556]sqlservr.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1556]sqlservr.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1556]sqlservr.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1556]sqlservr.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1556]sqlservr.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1556]sqlservr.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1556]sqlservr.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1556]sqlservr.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1556]sqlservr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1556]sqlservr.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1556]sqlservr.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1556]sqlservr.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1556]sqlservr.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1556]sqlservr.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1556]sqlservr.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1556]sqlservr.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1556]sqlservr.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[1556]sqlservr.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[1556]sqlservr.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[1556]sqlservr.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[1840]notepad.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1840]notepad.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1840]notepad.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1840]notepad.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1840]notepad.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1840]notepad.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1840]notepad.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1840]notepad.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1840]notepad.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1840]notepad.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1840]notepad.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1840]notepad.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1840]notepad.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1840]notepad.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1840]notepad.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1840]notepad.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1840]notepad.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1840]notepad.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1840]notepad.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1840]notepad.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1840]notepad.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1840]notepad.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1840]notepad.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1840]notepad.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1840]notepad.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1840]notepad.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1840]notepad.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1840]notepad.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1840]notepad.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1840]notepad.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1840]notepad.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1840]notepad.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1840]notepad.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1840]notepad.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1840]notepad.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1840]notepad.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1840]notepad.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1840]notepad.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1840]notepad.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1840]notepad.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1840]notepad.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1840]notepad.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1840]notepad.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[1840]notepad.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[1884]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1884]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1884]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1884]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1884]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1884]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1884]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1884]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1884]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1884]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1884]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1884]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1884]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1884]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1884]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1884]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1884]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1884]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1884]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1884]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1884]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1884]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1884]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1884]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1884]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1884]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1884]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1884]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1884]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1884]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1884]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1884]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1884]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1884]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1884]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1884]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1884]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1884]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1884]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1884]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1884]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1884]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1884]svchost.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[1884]svchost.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1948]sqlwriter.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1948]sqlwriter.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1948]sqlwriter.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1948]sqlwriter.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1948]sqlwriter.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1948]sqlwriter.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1948]sqlwriter.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1948]sqlwriter.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1948]sqlwriter.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1948]sqlwriter.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1948]sqlwriter.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1948]sqlwriter.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[1948]sqlwriter.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[1992]Pandora.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1992]Pandora.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1992]Pandora.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1992]Pandora.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1992]Pandora.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1992]Pandora.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1992]Pandora.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1992]Pandora.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1992]Pandora.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1992]Pandora.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1992]Pandora.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1992]Pandora.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1992]Pandora.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1992]Pandora.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1992]Pandora.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1992]Pandora.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Unread postby greshick » September 28th, 2010, 11:01 pm

[1992]Pandora.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1992]Pandora.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1992]Pandora.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1992]Pandora.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1992]Pandora.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1992]Pandora.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1992]Pandora.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1992]Pandora.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1992]Pandora.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1992]Pandora.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1992]Pandora.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1992]Pandora.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1992]Pandora.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1992]Pandora.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1992]Pandora.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1992]Pandora.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1992]Pandora.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1992]Pandora.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1992]Pandora.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1992]Pandora.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1992]Pandora.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1992]Pandora.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1992]Pandora.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1992]Pandora.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1992]Pandora.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1992]Pandora.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1992]Pandora.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[1992]Pandora.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[2056]digsby-app.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2056]digsby-app.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2056]digsby-app.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2056]digsby-app.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2056]digsby-app.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2056]digsby-app.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2056]digsby-app.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2056]digsby-app.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2056]digsby-app.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2056]digsby-app.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2056]digsby-app.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2056]digsby-app.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2056]digsby-app.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2056]digsby-app.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2056]digsby-app.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2056]digsby-app.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2056]digsby-app.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2056]digsby-app.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2056]digsby-app.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2056]digsby-app.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2056]digsby-app.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2056]digsby-app.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2056]digsby-app.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2056]digsby-app.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2056]digsby-app.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2056]digsby-app.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2056]digsby-app.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2056]digsby-app.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2056]digsby-app.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2056]digsby-app.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2056]digsby-app.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2056]digsby-app.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2056]digsby-app.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2056]digsby-app.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2056]digsby-app.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2056]digsby-app.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2056]digsby-app.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2056]digsby-app.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2056]digsby-app.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[2056]digsby-app.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[216]rundll32.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[216]rundll32.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[216]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[216]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[216]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[216]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[216]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[216]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[216]rundll32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[216]rundll32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[216]rundll32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[216]rundll32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[216]rundll32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[216]rundll32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[216]rundll32.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[216]rundll32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[216]rundll32.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[216]rundll32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[216]rundll32.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[216]rundll32.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[216]rundll32.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[216]rundll32.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[216]rundll32.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[216]rundll32.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[216]rundll32.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[216]rundll32.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[216]rundll32.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[216]rundll32.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[216]rundll32.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[216]rundll32.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[216]rundll32.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[216]rundll32.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[216]rundll32.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[216]rundll32.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[216]rundll32.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[216]rundll32.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[216]rundll32.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[216]rundll32.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[216]rundll32.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[216]rundll32.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[216]rundll32.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[216]rundll32.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[216]rundll32.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[216]rundll32.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[224]EVEMon.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[224]EVEMon.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[224]EVEMon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[224]EVEMon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[224]EVEMon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[224]EVEMon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[224]EVEMon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[224]EVEMon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[224]EVEMon.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[224]EVEMon.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[224]EVEMon.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[224]EVEMon.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[224]EVEMon.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[224]EVEMon.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[224]EVEMon.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[224]EVEMon.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[224]EVEMon.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[224]EVEMon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[224]EVEMon.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[224]EVEMon.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[224]EVEMon.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[224]EVEMon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[224]EVEMon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[224]EVEMon.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[224]EVEMon.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[224]EVEMon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[224]EVEMon.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[224]EVEMon.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[224]EVEMon.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[224]EVEMon.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[224]EVEMon.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[224]EVEMon.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[224]EVEMon.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[224]EVEMon.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[224]EVEMon.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[224]EVEMon.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[224]EVEMon.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[224]EVEMon.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[224]EVEMon.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[224]EVEMon.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[224]EVEMon.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[224]EVEMon.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[224]EVEMon.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[224]EVEMon.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[244]aswUpdSv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[244]aswUpdSv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[244]aswUpdSv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[244]aswUpdSv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[244]aswUpdSv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[244]aswUpdSv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[244]aswUpdSv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[244]aswUpdSv.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[244]aswUpdSv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[244]aswUpdSv.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[244]aswUpdSv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[244]aswUpdSv.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[244]aswUpdSv.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[244]aswUpdSv.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[2488]3DMAZE~1.SCR-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2488]3DMAZE~1.SCR-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2488]3DMAZE~1.SCR-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2488]3DMAZE~1.SCR-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2488]3DMAZE~1.SCR-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2488]3DMAZE~1.SCR-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2488]3DMAZE~1.SCR-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2488]3DMAZE~1.SCR-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2488]3DMAZE~1.SCR-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2488]3DMAZE~1.SCR-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2488]3DMAZE~1.SCR-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2488]3DMAZE~1.SCR-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2488]3DMAZE~1.SCR-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[2488]3DMAZE~1.SCR-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[280]DisplayFusion.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[280]DisplayFusion.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[280]DisplayFusion.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[280]DisplayFusion.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[280]DisplayFusion.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[280]DisplayFusion.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[280]DisplayFusion.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[280]DisplayFusion.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[280]DisplayFusion.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[280]DisplayFusion.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[280]DisplayFusion.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[280]DisplayFusion.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[280]DisplayFusion.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[2816]aspell.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2816]aspell.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2816]aspell.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2816]aspell.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2816]aspell.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2816]aspell.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2816]aspell.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2816]aspell.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2816]aspell.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2816]aspell.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2816]aspell.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2816]aspell.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2816]aspell.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2816]aspell.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2816]aspell.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2816]aspell.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2816]aspell.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2816]aspell.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2816]aspell.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2816]aspell.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2816]aspell.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2816]aspell.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2816]aspell.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2816]aspell.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2816]aspell.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2816]aspell.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2816]aspell.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2816]aspell.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2816]aspell.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2816]aspell.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2816]aspell.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2816]aspell.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2816]aspell.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2816]aspell.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2816]aspell.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2816]aspell.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2816]aspell.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2816]aspell.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2816]aspell.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[2816]aspell.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[2880]explorer.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2880]explorer.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2880]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2880]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2880]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2880]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2880]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2880]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2880]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2880]explorer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2880]explorer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2880]explorer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2880]explorer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2880]explorer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2880]explorer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2880]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2880]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[2880]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2880]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2880]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2880]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2880]explorer.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2880]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2880]explorer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2880]explorer.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2880]explorer.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2880]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2880]explorer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2880]explorer.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2880]explorer.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2880]explorer.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2880]explorer.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2880]explorer.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2880]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2880]explorer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2880]explorer.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2880]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2880]explorer.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2880]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2880]explorer.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[2880]explorer.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[2880]explorer.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[2880]explorer.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[2880]explorer.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2880]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3096]ashMaiSv.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[3096]ashMaiSv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[3096]ashMaiSv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[3096]ashMaiSv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[3096]ashMaiSv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[3096]ashMaiSv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[3096]ashMaiSv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[3096]ashMaiSv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[3096]ashMaiSv.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[3096]ashMaiSv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[3096]ashMaiSv.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[3096]ashMaiSv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[3096]ashMaiSv.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[3096]ashMaiSv.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[3096]ashMaiSv.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[3148]iexplore.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[3148]iexplore.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[3148]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[3148]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[3148]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[3148]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[3148]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[3148]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[3148]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3148]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[3148]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[3148]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[3148]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[3148]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[3148]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[3148]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[3148]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[3148]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[3148]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3148]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[3148]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[3148]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[3148]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[3148]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[3148]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[3148]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[3148]iexplore.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3148]iexplore.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3148]iexplore.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3148]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3148]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[3148]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[3148]iexplore.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[3148]iexplore.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[3148]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[3148]iexplore.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3148]iexplore.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3148]iexplore.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3148]iexplore.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3148]iexplore.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3148]iexplore.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3148]iexplore.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3148]iexplore.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3148]iexplore.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3148]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3148]iexplore.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3148]iexplore.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3148]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3148]iexplore.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3148]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3148]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[3148]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[3148]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[3148]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[3148]iexplore.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[3148]iexplore.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[3148]iexplore.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[3148]iexplore.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[3148]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E42B3C6-->00000000 [ieframe.dll]
[3148]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[3148]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[3148]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[3148]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[3148]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[3148]iexplore.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[3148]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3148]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[3148]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[3148]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[3148]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[3148]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[3148]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[3148]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[3148]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [ieframe.dll]
[3148]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [ieframe.dll]
[3152]ashWebSv.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[3152]ashWebSv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[3152]ashWebSv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[3152]ashWebSv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[3152]ashWebSv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[3152]ashWebSv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[3152]ashWebSv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[3152]ashWebSv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[3152]ashWebSv.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[3152]ashWebSv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[3152]ashWebSv.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[3152]ashWebSv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[3152]ashWebSv.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[3152]ashWebSv.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[3152]ashWebSv.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Unread postby greshick » September 28th, 2010, 11:01 pm

[3548]ashDisp.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[3548]ashDisp.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[3548]ashDisp.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[3548]ashDisp.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[3548]ashDisp.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[3548]ashDisp.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[3548]ashDisp.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[3548]ashDisp.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[3548]ashDisp.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[3548]ashDisp.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[3548]ashDisp.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[3548]ashDisp.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[3548]ashDisp.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[3548]ashDisp.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[3548]ashDisp.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[3548]ashDisp.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[3548]ashDisp.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[3548]ashDisp.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[3548]ashDisp.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[3548]ashDisp.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3548]ashDisp.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[3548]ashDisp.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[3548]ashDisp.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[3548]ashDisp.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[3548]ashDisp.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[3548]ashDisp.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[3548]ashDisp.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[3608]RTHDCPL.EXE-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[3608]RTHDCPL.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[3608]RTHDCPL.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[3608]RTHDCPL.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[3608]RTHDCPL.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[3608]RTHDCPL.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[3608]RTHDCPL.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[3608]RTHDCPL.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[3608]RTHDCPL.EXE-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[3608]RTHDCPL.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[3608]RTHDCPL.EXE-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[3608]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[3608]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[3608]RTHDCPL.EXE-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[3676]hamachi-2-ui.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[3676]hamachi-2-ui.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[3676]hamachi-2-ui.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[3676]hamachi-2-ui.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[3676]hamachi-2-ui.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[3676]hamachi-2-ui.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[3676]hamachi-2-ui.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[3676]hamachi-2-ui.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[3676]hamachi-2-ui.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[3676]hamachi-2-ui.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[3676]hamachi-2-ui.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[3676]hamachi-2-ui.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[3676]hamachi-2-ui.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[3676]hamachi-2-ui.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[372]ashServ.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[372]ashServ.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[372]ashServ.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[372]ashServ.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[372]ashServ.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[372]ashServ.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[372]ashServ.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[372]ashServ.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[372]ashServ.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[372]ashServ.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[372]ashServ.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[372]ashServ.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[372]ashServ.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[372]ashServ.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[372]ashServ.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[372]ashServ.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[372]ashServ.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[372]ashServ.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[372]ashServ.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[372]ashServ.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[372]ashServ.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[372]ashServ.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[372]ashServ.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[372]ashServ.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[372]ashServ.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[372]ashServ.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[372]ashServ.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[372]ashServ.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[372]ashServ.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[372]ashServ.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[372]ashServ.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[372]ashServ.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[372]ashServ.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[372]ashServ.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[372]ashServ.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[372]ashServ.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[372]ashServ.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[372]ashServ.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[372]ashServ.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[372]ashServ.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[372]ashServ.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[372]ashServ.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[4264]iTunes.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[4264]iTunes.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[4264]iTunes.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[4264]iTunes.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[4264]iTunes.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[4264]iTunes.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[4264]iTunes.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[4264]iTunes.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[4264]iTunes.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[4264]iTunes.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[4264]iTunes.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[4264]iTunes.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[4264]iTunes.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[4264]iTunes.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[4264]iTunes.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[4264]iTunes.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[4264]iTunes.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[4264]iTunes.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[4264]iTunes.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[4264]iTunes.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[4264]iTunes.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[4264]iTunes.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[4264]iTunes.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[4264]iTunes.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[4264]iTunes.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[4264]iTunes.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[4264]iTunes.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[4264]iTunes.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[4264]iTunes.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[4264]iTunes.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[4264]iTunes.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[4264]iTunes.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[4264]iTunes.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[4264]iTunes.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[4264]iTunes.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[4264]iTunes.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[4264]iTunes.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[4264]iTunes.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[4264]iTunes.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[4264]iTunes.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[4264]iTunes.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[4264]iTunes.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[4264]iTunes.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[4264]iTunes.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[4360]EFT.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[4360]EFT.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[4360]EFT.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[4360]EFT.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[4360]EFT.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[4360]EFT.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[4360]EFT.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[4360]EFT.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[4360]EFT.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[4360]EFT.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[4360]EFT.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[4360]EFT.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[4360]EFT.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[4360]EFT.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[4360]EFT.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[4360]EFT.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[4360]EFT.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[4360]EFT.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[4360]EFT.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[4360]EFT.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[4360]EFT.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[4360]EFT.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[4360]EFT.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[4360]EFT.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[4360]EFT.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[4360]EFT.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[4360]EFT.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[4360]EFT.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[4360]EFT.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[4360]EFT.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[4360]EFT.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[4360]EFT.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[4360]EFT.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[4360]EFT.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[4360]EFT.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[4360]EFT.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[4360]EFT.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[4360]EFT.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[4360]EFT.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[4360]EFT.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[4360]EFT.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[4360]EFT.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[4360]EFT.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[4360]EFT.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[4360]EFT.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[4360]EFT.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[4360]EFT.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[4360]EFT.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[580]alg.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[580]alg.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[580]alg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[580]alg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[580]alg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[580]alg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[580]alg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[580]alg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[580]alg.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[580]alg.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[580]alg.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[580]alg.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[580]alg.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[580]alg.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[580]alg.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[580]alg.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[580]alg.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[580]alg.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[580]alg.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[580]alg.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[580]alg.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[580]alg.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[580]alg.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[580]alg.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[580]alg.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[580]alg.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[580]alg.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[580]alg.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[580]alg.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[580]alg.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[580]alg.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[580]alg.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[580]alg.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[580]alg.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[580]alg.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[580]alg.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[580]alg.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[580]alg.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[580]alg.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[580]alg.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[580]alg.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[580]alg.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[580]alg.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[580]alg.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[580]alg.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[580]alg.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[580]alg.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[580]alg.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[5864]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[5864]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[5864]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[5864]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[5864]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[5864]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[5864]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[5864]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[5864]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[5864]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[5864]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[5864]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[5864]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[5864]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[5864]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[5864]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[5864]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[5864]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[5864]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[5864]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[5864]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[5864]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[5864]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[5864]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[5864]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[5864]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[5864]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[5864]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[5864]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[5864]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[5864]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[5864]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[5864]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[5864]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[5864]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[5864]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[5864]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[5864]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[5864]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[5864]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[5864]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[5864]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[5864]svchost.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[5864]svchost.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[656]iexplore.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[656]iexplore.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[656]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[656]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[656]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[656]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[656]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[656]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[656]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[656]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[656]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[656]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[656]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[656]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[656]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[656]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[656]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[656]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[656]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[656]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[656]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[656]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[656]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[656]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[656]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[656]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[656]iexplore.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[656]iexplore.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[656]iexplore.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[656]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[656]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[656]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[656]iexplore.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[656]iexplore.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[656]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[656]iexplore.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[656]iexplore.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[656]iexplore.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[656]iexplore.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[656]iexplore.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[656]iexplore.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[656]iexplore.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[656]iexplore.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[656]iexplore.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[656]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[656]iexplore.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[656]iexplore.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[656]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[656]iexplore.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[656]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[656]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[656]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[656]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[656]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[656]iexplore.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[656]iexplore.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[656]iexplore.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[656]iexplore.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[656]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[656]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[656]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[656]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[656]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[656]iexplore.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[656]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[656]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[656]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[656]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[656]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[656]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[656]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[656]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[660]spoolsv.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[660]spoolsv.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[660]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[660]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[660]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[660]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[660]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[660]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[660]spoolsv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[660]spoolsv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[660]spoolsv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[660]spoolsv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[660]spoolsv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[660]spoolsv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[660]spoolsv.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[660]spoolsv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[660]spoolsv.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[660]spoolsv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[660]spoolsv.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[660]spoolsv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[660]spoolsv.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[660]spoolsv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[660]spoolsv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[660]spoolsv.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[660]spoolsv.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[660]spoolsv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[660]spoolsv.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[660]spoolsv.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[660]spoolsv.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[660]spoolsv.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[660]spoolsv.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[660]spoolsv.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[660]spoolsv.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[660]spoolsv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[660]spoolsv.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[660]spoolsv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[660]spoolsv.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[660]spoolsv.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[660]spoolsv.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[660]spoolsv.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[660]spoolsv.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[660]spoolsv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[660]spoolsv.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[660]spoolsv.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[860]services.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[860]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]
[860]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[860]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[860]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[860]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[860]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[860]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[860]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[860]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[860]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[860]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[860]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[860]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[860]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[860]services.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[860]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[860]services.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]
[860]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[860]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[860]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[860]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[860]services.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[860]services.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[860]services.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[860]services.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[860]services.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[860]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[860]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[860]services.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[860]services.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[860]services.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[860]services.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[860]services.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[860]services.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[860]services.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[860]services.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[860]services.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[860]services.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[860]services.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[860]services.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[860]services.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Unread postby greshick » September 28th, 2010, 11:02 pm

[872]lsass.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[872]lsass.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[872]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[872]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[872]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[872]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[872]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[872]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[872]lsass.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[872]lsass.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[872]lsass.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[872]lsass.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[872]lsass.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[872]lsass.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[872]lsass.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[872]lsass.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[872]lsass.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[872]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[872]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[872]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[872]lsass.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[872]lsass.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[872]lsass.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[872]lsass.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[872]lsass.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[872]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[872]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[872]lsass.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[872]lsass.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[872]lsass.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[872]lsass.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[872]lsass.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[872]lsass.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[872]lsass.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[872]lsass.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[872]lsass.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[872]lsass.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[872]lsass.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[872]lsass.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[872]lsass.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[872]lsass.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[872]lsass.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[872]lsass.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[872]lsass.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[872]lsass.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[872]lsass.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[872]lsass.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[872]lsass.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[876]AppleMobileDeviceService.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[876]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[876]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[876]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[876]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[876]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[876]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[876]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[876]AppleMobileDeviceService.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[876]AppleMobileDeviceService.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[916]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[916]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[916]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[916]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[916]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[916]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[916]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[916]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[916]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[916]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[916]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[916]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[916]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[916]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[916]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[916]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[916]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[916]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[916]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[916]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[916]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[916]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[916]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[916]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[916]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[916]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[916]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[916]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[916]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[916]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[916]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[916]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[916]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[916]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[916]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[916]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[916]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[916]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[916]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[916]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[916]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[916]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[916]svchost.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[916]svchost.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Unread postby greshick » September 28th, 2010, 11:02 pm

Thats the unhooker file.
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 62 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware