Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

How to remove Rogue.AntiVirusPC2009

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 5th, 2010, 11:37 am

I think I get my computer infected by a virus named Rogue.AntiVirusPC2009

It can be detected by every scan of Malwarebytes's Antiware even though I just used the same antiware to remove it.

It was shown in C:\Program files\antivirus pc 2009\quaratine according to the scan report of Malwarebytes's Antiware.

================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 11:30:34, on 2010/12/5
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Google Update] "C:\Users\acer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: 發佈至部落格 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: 使用 Windows Live Writer 發佈至部落格(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O15 - Trusted Zone: http://onestep.finairport.com
O15 - Trusted Zone: http://*.finairport.com
O15 - Trusted Zone: http://*.polaris.com.tw
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91B07FA1-C3B7-43AC-9114-561392075462}: NameServer = 168.95.192.1 168.95.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{91B07FA1-C3B7-43AC-9114-561392075462}: NameServer = 168.95.192.1 168.95.1.1
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

--
End of file - 5745 bytes

================

uninstall_list

7-Zip 4.57
Absolute Uninstaller 2.5
Acer eDataSecurity Management
Acer eMode Management
Acer Empowering Technology
Acer ePerformance Management
Acer ScreenSaver
Acer Tour
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
AML Free Registry Cleaner 4.21
CCleaner
Chinese Traditional Fonts Support For Adobe Reader 9
Choice Guard
COMODO Internet Security
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Japanese Fonts Support For Adobe Reader 9
Java 2 Runtime Environment, SE v1.4.2_13
Java(TM) 6 Update 21
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
K-Lite Mega Codec Pack 6.3.0
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - cht
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 語言套件 SP1 - 繁體中文
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office IME 2010 (Traditional Chinese)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OpenOffice.org 3.2
PhotoScape
Picasa 3
PicPick
Pixia
Polaris EWinner
PowerProducer
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
SiS VGA Utilities
SpeedBit Video Accelerator
TrustMail 安全郵件瀏覽器
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebShot
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Movie Maker 搶鮮版
Windows Live 程式集
Windows Live 程式集
Windows Live 影像中心
Woopra 1.4
全景軟體安控元件 V1.5.6.706
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am
Advertisement
Register to Remove

Re: How to remove Rogue.AntiVirusPC2009

Unread postby deltalima » December 8th, 2010, 5:21 pm

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: How to remove Rogue.AntiVirusPC2009

Unread postby deltalima » December 8th, 2010, 5:56 pm

Hi pfge,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

First

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select: Run as Administrator.. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 9th, 2010, 1:26 am

deltalima wrote:Hi pfge,

Welcome to the forum.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator


I got a problem.

I enable UAC and set up a password. Reboot the computer and sign in as an adminstrator

Download MGADiag.exe.

Right click on MGADiag.exe and select Run As Administrator to run it.

But I doesn't get a prompt, instead I get an error as below

Image

I translated the error message as

This file doesn't have the associated program to execute this action. Please use [Setting Associaton] in control platform to establish the association.

I don't how to establish such kind of association.
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am

Re: How to remove Rogue.AntiVirusPC2009

Unread postby deltalima » December 9th, 2010, 2:17 pm

Hi pfge,

This file doesn't have the associated program to execute this action


Can you run any other .exe files?

Download/run Rkill:

Please download Rkill from one of the following links and save to your Desktop:

One, Two,Three or Four

  • Right-click on Rkill And select " Run as administrator " to run it.
  • A command window will open then disappear upon completion, this is normal.
  • When finished, Notepad will open with a log called, "rkill.log".
  • Please copy and paste the contents of the rkill.log in your next reply.
  • The file is automatically saved... located at C:\rkill.log.
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

ExeFix

Please download exefix_vista from Here and save to the desktop.
  • Unzip/extract the file to its own folder.
  • Right click on exefix_vista.reg and merge the information with the registry.


Now please run MGADiag.exe again, if you still have problems then please move on and run OTL and then GMER
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 9th, 2010, 5:55 pm

Hi deltalima

I got the same error message when Right-click on Rkill, OTL and then GMER
And select " Run as administrator " to run it.

This file doesn't have the associated program to execute this action


I Right-click on the above files And select "Property", in "compatibility", choose "Run as administrator",

then

Right-click on the above files And select "Run as administrator", Could not run it.

I think I need to find a way to establish this kind of association before run these programs as administrator.


I have let exefix_vista.reg merge the information with the registry.
Last edited by pfge on December 9th, 2010, 6:01 pm, edited 1 time in total.
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am

Re: How to remove Rogue.AntiVirusPC2009

Unread postby deltalima » December 9th, 2010, 5:57 pm

OK, you if you are logged in as administrator then double click on the program to run.

Let me know if that works.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 9th, 2010, 6:35 pm

I log in as administrator then double click on rkill.

1. run rkill

My UAC say rkill gets and saves information from my computer. I allow it.

Comodo say it find a malicious file. I allow it and run it in sandbox.

rkill log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on /12/10 星期五 at 6:17:43.
Operating System: Windows Vista (TM) Home Basic


Processes terminated by Rkill or while it was running:



Rkill completed on /12/10 星期五 at 6:18:01.

I am doing others.
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 9th, 2010, 7:34 pm

2. run MGADiag.exe

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-Q9CM8-KTDKK-8QXTR
Windows Product Key Hash: OI3PQUp2nK/Ysh5U6MY15ORIfio=
Windows Product ID: 89572-OEM-7332166-00029
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.002
ID: {30187276-2869-48CB-AD97-5999EA4FE18F}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.9.1
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Basic
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.100608-0458
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: N/A, hr=0x80070002
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{30187276-2869-48CB-AD97-5999EA4FE18F}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-8QXTR</PKey><PID>89572-OEM-7332166-00029</PID><PIDType>2</PIDType><SID>S-1-5-21-1455271359-2910937899-729010381</SID><SYSTEM><Manufacturer>Acer </Manufacturer><Model>Aspire M1610</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>R01-A3</Version><SMBIOSVersion major="2" minor="4"/><Date>20070810000000.000000+000</Date></BIOS><HWID>CC303507018400FA</HWID><UserLCID>0404</UserLCID><SystemLCID>0404</SystemLCID><TimeZone>台北標準時間(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
軟體授權服務版本: 6.0.6001.18000
名稱: Windows(TM) Vista, HomeBasic edition
描述: Windows Operating System - Vista, OEM_SLP channel
啟用識別碼: 199086aa-6cb8-4e5b-b698-f2be56f1e8ee
應用程式識別碼: 55c92734-d682-4d71-983e-d6ec3f16059f
延伸的 PID: 89572-00146-321-600029-02-1028-6000.0000-3442007
安裝識別碼: 253242424224027730961825235903512206527991447534878611
處理器憑證 URL: http://go.microsoft.com/fwlink/?LinkID=43473
電腦憑證 URL: http://go.microsoft.com/fwlink/?LinkID=43474
使用憑證 URL: http://go.microsoft.com/fwlink/?LinkID=43476
產品金鑰憑證 URL: http://go.microsoft.com/fwlink/?LinkID=43475
部分產品金鑰: 8QXTR
授權狀態: 已取得授權

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NAAAAAEABAABAAEAAQABAAAAAgABAAEAJJQKrtpqdB8anL7BAKL09CAw8vTgOLQqrFYqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS ACRPRDCT
FACP ACRSYS ACRPRDCT
HPET ACRSYS ACRPRDCT
MCFG ACRSYS ACRPRDCT
SLIC ACRSYS ACRPRDCT
_WDT ACRSYS ACRPRDCT
SSDT PmRef Cpu0Ist
SSDT PmRef Cpu0Ist


3. run OTL

The program became unresponsive when scanning firefox setting.

Image


4. run GMER

I double click this program and it automatically scan something, then stop show as

Image

a. Then, I hit "scan"

The computer stop program running four times in normal mode and once in safe mode. The computer shows that the problem is "Blue screen".

b. If I do not hit "scan", just hit "copy" That is what I get:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-10 08:29:07
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3250820AS rev.3.AAD
Running: luzp9nlv.exe; Driver: C:\Users\acer\AppData\Local\Temp\kgtdrpob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.15 ----
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am

Re: How to remove Rogue.AntiVirusPC2009

Unread postby deltalima » December 10th, 2010, 5:32 am

Hi pfge,

Please reboot the computer.

Run Rkill

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe .
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 10th, 2010, 2:11 pm

1. Run RKill

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on /12/10 星期五 at 23:25:50.
Operating System: Windows Vista (TM) Home Basic


Processes terminated by Rkill or while it was running:

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe


Rkill completed on /12/10 星期五 at 23:26:08.

2. Run RKUnHooker

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8363C000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x8363C000 PnpManager 3903488 bytes
0x8363C000 RAW 3903488 bytes
0x8363C000 WMIxWDM 3903488 bytes
0x96680000 Win32k 2109440 bytes
0x96680000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, 多使用者 Win32 驅動程式)
0x8D407000 C:\Windows\system32\drivers\RTKVHDA.sys 1785856 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x88E05000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT 檔案系統驅動程式)
0x88A7F000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x88C0A000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x806CA000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xAD8E1000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xACE0D000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8CC01000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88800000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF 動態)
0x88D63000 C:\Windows\system32\DRIVERS\SISGRKMD.sys 479232 bytes (Silicon Integrated Systems Corporation, SiS VGA Kernal Mode Vista Driver)
0x88A0E000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xACEDF000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP 通訊協定堆疊)
0x80610000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xAD87B000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x88925000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8D66E000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x88889000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, 適用於 NT 的 ACPI 驅動程式)
0x80689000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x807BC000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8CCB7000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8D129000 C:\Windows\System32\DRIVERS\cmdguard.sys 249856 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0x8D70B000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x88BB5000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0xAD802000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88F14000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, 磁碟區陰影複製驅動程式)
0x8D0C8000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x83609000 ACPI_HAL 208896 bytes
0x83609000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x889BA000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem 篩選器管理員)
0x8D63C000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8CDC3000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8D5BB000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x88B8A000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8D087000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xAD853000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88FA1000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x888E0000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT 隨插即用 PCI 列舉程式)
0x8D0FC000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8D00F000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x88FD9000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8D19E000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xACF97000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xACFB7000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8899C000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xACF4C000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x88CF3000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8D7E2000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA 檔案模擬篩選器驅動程式)
0x8CD69000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, 序列裝置驅動程式)
0xACF69000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8CD14000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAD83B000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8CD8D000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, 平行連接埠驅動程式)
0x8D751000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x88DD8000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8D781000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xACFD6000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8D6BF000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8D608000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x8D6D5000 C:\Windows\system32\DRIVERS\inspect.sys 86016 bytes (COMODO, COMODO Internet Security Firewall Driver)
0xACF82000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8D055000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xAD9D5000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8D041000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8D628000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8D16F000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 連接埠驅動程式)
0xACECC000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8D6F8000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8CD4C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x88F77000 C:\Windows\system32\drivers\psdvdisk.sys 73728 bytes (HiTRUST, PSD Virtual Disk Driver)
0x8D1DA000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xAD9EA000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x88FC8000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0xAD8D0000 C:\Acer\Empowering Technology\eRecovery\int15.sys 69632 bytes
0x8D5E8000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80670000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, 指定平台硬體錯誤驅動程式)
0x88F66000 C:\Windows\system32\DRIVERS\SISAGPX.sys 69632 bytes (Silicon Integrated Systems Corporation, SiS AGPv3.5 Filter)
0x88F4D000 C:\Windows\system32\DRIVERS\uagp35.sys 69632 bytes (Microsoft Corporation, MS AGPv3.5 篩選器)
0x889EC000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8D771000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xACEBC000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x88984000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8CD2E000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8CD04000 C:\Windows\system32\DRIVERS\SiSGB6.sys 65536 bytes (Silicon Integrated Systems Corp., NDIS 6.0 Miniport Driver for SiS191/SiS190 Ethernet Device)
0x8D06A000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x88D54000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8D7D3000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x88F92000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x88907000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8D032000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8CCF5000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x88916000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8CD3E000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x968C0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8D6EA000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8D1EE000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88976000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8D7A9000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8D0BB000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8CCA0000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8887C000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xAD9C9000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8D192000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8D7B6000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8CD5E000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x8D07A000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, 鍵盤類別驅動程式)
0x8CDB8000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, 滑鼠類別驅動程式)
0x8D1CF000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x88DEF000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8CDF1000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x88D40000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8D61E000 C:\Windows\System32\DRIVERS\cmdhlp.sys 40960 bytes (COMODO, COMODO Internet Security Helper Driver)
0x8D7C9000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8D0B1000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8D747000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xAD9BF000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8CD83000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x8CCAD000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x88D17000 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0x88D0E000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8D166000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8D768000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8D7A0000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID 鍵盤篩選器驅動程式)
0xACFEC000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x807AA000 C:\Windows\system32\DRIVERS\psdfilter.sys 36864 bytes (HiTRUST, PSD Filter Driver)
0x88F89000 C:\Windows\system32\drivers\PSDNServ.sys 36864 bytes (HiTRUST, PSD Named Pipe Driver)
0x807B3000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8D000000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x968A0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x88D4B000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x888CF000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8D6B6000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x88994000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80681000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8D121000 C:\Windows\System32\DRIVERS\cmderd.sys 32768 bytes (COMODO, COMODO Internet Security Eradication Driver)
0x8D7C1000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x80608000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8D798000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID 滑鼠篩選器驅動程式)
0x888D8000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8D1BF000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8D1C7000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88F5E000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8D400000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8D18B000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8D5F9000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0xAD8C9000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM 平行驅動程式)
0x8896F000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8CD2C000 C:\Windows\system32\DRIVERS\NTIDrvr.sys 8192 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
0x8D085000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8D1EC000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x03CD0000 Hidden Image-->log4net.dll [ EPROCESS 0xAD05E720 ] PID: 3060, 282624 bytes
0x01800000 Hidden Image-->MemCheck.Interface.dll [ EPROCESS 0xAD05E720 ] PID: 3060, 28672 bytes
0x00960000 Hidden Image-->ServiceInterface.dll [ EPROCESS 0x81E19020 ] PID: 3588, 28672 bytes
0x00A90000 Hidden Image-->IERYETF.dll [ EPROCESS 0x81E19020 ] PID: 3588, 28672 bytes
0x03CC0000 Hidden Image-->ePerformance.Library.dll [ EPROCESS 0xAD05E720 ] PID: 3060, 53248 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid
!-->[Hidden] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{25E9E707-1A19-4C87-B269-95527D1B746C}
!-->[Hidden] C:\Users\acer\AppData\Local\Temp\~DF1CD2.tmp::$DATA
!-->[Hidden] C:\Users\acer\AppData\Local\Temp\~DF6EDD.tmp::$DATA
!-->[Hidden] C:\Users\acer\AppData\Local\Temp\~DFA587.tmp::$DATA
!-->[Hidden] C:\Users\acer\AppData\Local\Temp\~DFAE0C.tmp::$DATA
!-->[Hidden] C:\Users\acer\AppData\Local\Temp\~DFC44C.tmp::$DATA
!-->[Hidden] C:\Users\acer\AppData\Local\Temp\~DFDF8B.tmp::$DATA
!-->[Hidden] C:\Windows\Prefetch\GOOGLECRASHHANDLER.EXE-C9522E87.pf
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000B4EEA, Type: Inline - RelativeJump 0x836F0EEA-->836F0EF1 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000B8EF8, Type: Inline - RelativeJump 0x836F4EF8-->836F4F5F [ntkrnlpa.exe]
ntkrnlpa.exe+0x000B8F10, Type: Inline - RelativeJump 0x836F4F10-->836F4F79 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000B8FD8, Type: Inline - RelativeCall 0x836F4FD8-->89FC634B [unknown_code_page]
[1012]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[1012]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[1012]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[1012]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[1012]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[1012]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[1012]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[1012]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[1012]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[1012]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[1012]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[1012]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[1012]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[1012]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[1012]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[1012]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[1012]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[1012]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[1012]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[1012]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[1012]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[1012]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[1012]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[1012]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[1012]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[1012]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[1012]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[1012]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[1012]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[1012]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[1012]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[1012]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[1012]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[1012]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[1012]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[1012]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[1012]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[1012]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[1012]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[1012]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[1060]cmdagent.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [unknown_code_page]
[1060]cmdagent.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [unknown_code_page]
[1184]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[1184]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[1184]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[1184]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[1184]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[1184]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[1184]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[1184]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[1184]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[1184]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[1184]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[1184]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[1184]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[1184]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[1184]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[1184]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[1184]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[1184]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[1184]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[1184]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[1184]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[1184]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[1184]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[1184]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[1184]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[1184]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[1184]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[1184]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[1184]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[1184]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[1184]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[1184]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[1184]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[1184]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[1184]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[1184]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[1184]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[1184]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[1184]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[1184]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[1232]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[1232]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[1232]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[1232]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[1232]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[1232]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[1232]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[1232]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[1232]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[1232]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[1232]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[1232]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[1232]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[1232]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[1232]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[1232]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[1232]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[1232]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[1232]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[1232]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[1232]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[1232]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[1232]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[1232]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[1304]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[1304]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[1304]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[1304]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[1304]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[1304]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[1304]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[1304]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[1304]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[1304]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[1304]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[1304]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[1304]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[1304]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[1304]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[1304]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[1304]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[1304]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[1304]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[1304]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[1304]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[1304]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[1304]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[1304]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[1304]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[1304]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[1304]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[1304]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[1304]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[1304]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[1304]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[1304]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[1304]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[1304]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[1304]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[1304]svchost.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x76A38FA9-->00000000 [guard32.dll]
[1304]svchost.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x76A334EB-->00000000 [guard32.dll]
[1304]svchost.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F0 [unknown_code_page]
[1304]svchost.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F1 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[1352]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[1352]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[1352]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[1352]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[1352]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[1352]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[1352]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[1352]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[1352]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[1352]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[1352]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[1352]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[1352]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[1352]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[1352]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[1352]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[1352]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[1352]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[1352]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[1352]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[1352]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[1352]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[1352]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[1352]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[1352]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[1352]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[1352]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[1352]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[1352]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[1352]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[1352]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[1352]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[1392]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[1392]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[1392]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[1392]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[1392]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[1392]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[1392]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[1392]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[1392]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[1392]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[1392]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[1392]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[1392]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[1392]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[1392]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[1392]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[1392]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[1392]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[1392]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[1392]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[1392]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[1392]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[1392]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[1392]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[1392]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[1392]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[1392]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[1392]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[1392]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[1392]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[1392]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[1392]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[1392]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[1392]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[1392]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[1392]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[1392]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[1392]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[1392]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[1392]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[1476]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[1476]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[1476]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[1476]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[1476]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[1476]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[1476]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[1476]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[1476]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[1476]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[1476]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[1476]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[1476]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[1476]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[1476]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[1476]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[1476]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[1476]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[1476]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[1476]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[1476]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[1476]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[1476]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[1476]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[1476]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[1476]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[1476]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[1476]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[1476]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[1476]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[1476]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[1476]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[1476]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[1476]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[1476]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[1476]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[1476]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[1476]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[1476]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[1476]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 10th, 2010, 2:16 pm

2. continued

[1556]explorer.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[1556]explorer.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[1556]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[1556]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[1556]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[1556]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[1556]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[1556]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[1556]explorer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[1556]explorer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[1556]explorer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[1556]explorer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[1556]explorer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[1556]explorer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[1556]explorer.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[1556]explorer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[1556]explorer.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[1556]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[1556]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[1556]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[1556]explorer.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[1556]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[1556]explorer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[1556]explorer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[1556]explorer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[1556]explorer.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[1556]explorer.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[1556]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[1556]explorer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[1556]explorer.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[1556]explorer.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[1556]explorer.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[1556]explorer.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[1556]explorer.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[1556]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[1556]explorer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[1556]explorer.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[1556]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[1556]explorer.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[1556]explorer.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[1556]explorer.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[1556]explorer.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[1556]explorer.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[1556]explorer.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[1556]explorer.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x75B6DEAE-->00000000 [guard32.dll]
[1556]explorer.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x75B6F862-->00000000 [guard32.dll]
[1592]taskeng.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[1592]taskeng.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[1592]taskeng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[1592]taskeng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[1592]taskeng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[1592]taskeng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[1592]taskeng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[1592]taskeng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[1592]taskeng.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[1592]taskeng.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[1592]taskeng.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[1592]taskeng.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[1592]taskeng.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[1592]taskeng.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[1592]taskeng.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[1592]taskeng.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[1592]taskeng.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[1592]taskeng.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[1592]taskeng.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[1592]taskeng.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[1592]taskeng.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[1592]taskeng.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[1592]taskeng.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[1592]taskeng.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[1592]taskeng.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[1592]taskeng.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[1592]taskeng.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[1592]taskeng.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[1592]taskeng.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[1592]taskeng.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[1592]taskeng.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[1592]taskeng.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[1592]taskeng.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[1592]taskeng.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[1592]taskeng.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[1592]taskeng.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[1592]taskeng.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[1592]taskeng.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[1592]taskeng.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[1592]taskeng.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[1592]taskeng.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[1592]taskeng.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[1592]taskeng.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[1592]taskeng.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[1612]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[1612]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[1612]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[1612]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[1612]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[1612]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[1612]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[1612]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[1612]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[1612]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[1612]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[1612]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[1612]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[1612]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[1612]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[1612]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[1612]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[1612]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[1612]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[1612]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[1612]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[1612]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[1612]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[1612]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[1612]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[1612]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[1612]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[1612]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[1612]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[1612]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[1612]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[1612]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[1612]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[1612]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[1612]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[1612]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[1612]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[1612]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[1612]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[1612]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[1612]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[1612]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[1612]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[1612]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[1612]svchost.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x75B6DEAE-->00000000 [guard32.dll]
[1612]svchost.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x75B6F862-->00000000 [guard32.dll]
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am

Re: How to remove Rogue.AntiVirusPC2009

Unread postby deltalima » December 10th, 2010, 2:20 pm

Hi pfge,

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on you're desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 10th, 2010, 2:22 pm

2. continued

[168]iexplore.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[168]iexplore.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[168]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[168]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[168]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[168]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[168]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[168]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[168]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [IEShims.dll]
[168]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[168]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[168]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[168]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[168]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[168]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[168]iexplore.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B71130-->00000000 [IEShims.dll]
[168]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B7119C-->00000000 [IEShims.dll]
[168]iexplore.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B711BC-->00000000 [IEShims.dll]
[168]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [IEShims.dll]
[168]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B7111C-->00000000 [IEShims.dll]
[168]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B71110-->00000000 [IEShims.dll]
[168]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B71174-->00000000 [IEShims.dll]
[168]iexplore.exe-->gdi32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77B711AC-->00000000 [IEShims.dll]
[168]iexplore.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[168]iexplore.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[168]iexplore.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[168]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[168]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[168]iexplore.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[168]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6C94123C-->00000000 [IEShims.dll]
[168]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x770B99E8-->00000000 [guard32.dll]
[168]iexplore.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[168]iexplore.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[168]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[168]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[168]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[168]iexplore.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[168]iexplore.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[168]iexplore.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[168]iexplore.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[168]iexplore.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[168]iexplore.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[168]iexplore.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[168]iexplore.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[168]iexplore.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[168]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[168]iexplore.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[168]iexplore.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[168]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[168]iexplore.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x080E125C-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateDirectoryW, Type: IAT modification 0x080E13B0-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x080E1460-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateHardLinkW, Type: IAT modification 0x080E11A8-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x080E12E8-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x080E13B4-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x080E132C-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x080E1328-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x080E1118-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->GetBinaryTypeW, Type: IAT modification 0x080E1280-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesA, Type: IAT modification 0x080E1370-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesExW, Type: IAT modification 0x080E14A0-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x080E13BC-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->GetLongPathNameW, Type: IAT modification 0x080E14E8-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileIntW, Type: IAT modification 0x080E1390-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionNamesW, Type: IAT modification 0x080E1168-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionW, Type: IAT modification 0x080E1104-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x080E13A0-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameA, Type: IAT modification 0x080E136C-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameW, Type: IAT modification 0x080E1428-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x080E14DC-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x080E1284-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x080E1448-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x080E13C0-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x080E130C-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->RemoveDirectoryW, Type: IAT modification 0x080E13AC-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->ReplaceFileW, Type: IAT modification 0x080E1144-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x080E1384-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x080E14F8-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x080E13B8-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileSectionW, Type: IAT modification 0x080E116C-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x080E1170-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->ntdll.dll-->NtQueryDirectoryFile, Type: IAT modification 0x080E2318-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[168]iexplore.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[168]iexplore.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[168]iexplore.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[168]iexplore.exe-->shell32.dll-->user32.dll-->LoadImageW, Type: IAT modification 0x080E1890-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->user32.dll-->PrivateExtractIconsW, Type: IAT modification 0x080E1A6C-->00000000 [IEShims.dll]
[168]iexplore.exe-->shell32.dll-->user32.dll-->WinHelpW, Type: IAT modification 0x080E191C-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x77D5154C-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->advapi32.dll-->RegDeleteKeyW, Type: IAT modification 0x77D51544-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->advapi32.dll-->RegEnumValueW, Type: IAT modification 0x77D51524-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryInfoKeyW, Type: IAT modification 0x77D51520-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x77D5152C-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x757A8C33-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->CreateDialogIndirectParamA, Type: Inline - RelativeJump 0x757C27CD-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->CreateDialogIndirectParamW, Type: Inline - RelativeJump 0x757C9AFA-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x757C16FD-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x757D1C58-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x757B3D67-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x757E83DD-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x757ABD25-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x757E80B2-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x757C1FD5-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->EnableWindow, Type: Inline - RelativeJump 0x757ADC79-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->EndDialog, Type: Inline - RelativeJump 0x757AC178-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[168]iexplore.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - RelativeJump 0x757A8DF4-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->GetKeyState, Type: Inline - RelativeJump 0x757B87C7-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->IsDialogMessage, Type: Inline - RelativeJump 0x757C179A-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->IsDialogMessageW, Type: Inline - RelativeJump 0x757B99AE-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x77D511E4-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77D511EC-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77D511E8-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x77D51328-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77D51154-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x77D511D8-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x77D512BC-->00000000 [IEShims.dll]
[168]iexplore.exe-->user32.dll-->keybd_event, Type: Inline - RelativeJump 0x757FD93C-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x757FD5D1-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x757FD5F5-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x757FD471-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x757FD56B-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump 0x757ABEE7-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->SetCursorPos, Type: Inline - RelativeJump 0x757E6F1A-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->SetKeyboardState, Type: Inline - RelativeJump 0x757D1ECE-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x757A7B69-->00000000 [ieframe.dll]
[168]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x757D08BE-->00000000 [ieframe.dll]
[168]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [IEShims.dll]
[168]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [IEShims.dll]
[1756]dwm.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[1756]dwm.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[1756]dwm.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[1756]dwm.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[1756]dwm.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[1756]dwm.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[1756]dwm.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[1756]dwm.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[1756]dwm.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[1756]dwm.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[1756]dwm.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[1756]dwm.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[1756]dwm.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[1756]dwm.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[1756]dwm.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[1756]dwm.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[1756]dwm.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[1756]dwm.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[1756]dwm.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[1756]dwm.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[1756]dwm.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[1756]dwm.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[1756]dwm.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[1756]dwm.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[1756]dwm.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[1756]dwm.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[1756]dwm.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[1756]dwm.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[1756]dwm.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[1756]dwm.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[1756]dwm.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[1756]dwm.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[1756]dwm.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[1756]dwm.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[1756]dwm.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[1756]dwm.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[1756]dwm.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[1756]dwm.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[1756]dwm.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[1756]dwm.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[1924]spoolsv.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[1924]spoolsv.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[1924]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[1924]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[1924]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[1924]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[1924]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[1924]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[1924]spoolsv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[1924]spoolsv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[1924]spoolsv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[1924]spoolsv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[1924]spoolsv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[1924]spoolsv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[1924]spoolsv.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[1924]spoolsv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[1924]spoolsv.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[1924]spoolsv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[1924]spoolsv.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[1924]spoolsv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[1924]spoolsv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[1924]spoolsv.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[1924]spoolsv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x76A38FA9-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x76A334EB-->00000000 [guard32.dll]
[1924]spoolsv.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F0 [unknown_code_page]
[1924]spoolsv.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F1 [unknown_code_page]
[1948]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[1948]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[1948]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[1948]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[1948]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[1948]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[1948]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[1948]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[1948]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[1948]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[1948]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[1948]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[1948]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[1948]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[1948]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[1948]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[1948]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[1948]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[1948]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[1948]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[1948]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[1948]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[1948]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[1948]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[1948]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[1948]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[1948]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[1948]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[1948]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[1948]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[1948]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[1948]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[1948]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[1948]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[1948]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[1948]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[1948]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[1948]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[1948]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[1948]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[2304]iexplore.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[2304]iexplore.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[2304]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[2304]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[2304]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[2304]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[2304]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[2304]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[2304]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[2304]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[2304]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[2304]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[2304]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[2304]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[2304]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[2304]iexplore.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x770B99E8-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[2304]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[2304]iexplore.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[2304]iexplore.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[2304]iexplore.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[2304]iexplore.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[2304]iexplore.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[2304]iexplore.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[2304]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x757B3D67-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x757E83DD-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x757ABD25-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x757E80B2-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x757C1FD5-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[2304]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x757FD5D1-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x757FD5F5-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x757FD471-->00000000 [ieframe.dll]
[2304]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x757FD56B-->00000000 [ieframe.dll]
[2304]iexplore.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x75B6DEAE-->00000000 [guard32.dll]
[2304]iexplore.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x75B6F862-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[2312]RtHDVCpl.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[2312]RtHDVCpl.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[2312]RtHDVCpl.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[2312]RtHDVCpl.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[2312]RtHDVCpl.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[2312]RtHDVCpl.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[2312]RtHDVCpl.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[2312]RtHDVCpl.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[2312]RtHDVCpl.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[2312]RtHDVCpl.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[2312]RtHDVCpl.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[2312]RtHDVCpl.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[2312]RtHDVCpl.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[2312]RtHDVCpl.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[2312]RtHDVCpl.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 10th, 2010, 2:24 pm

2. continued

[2336]PCMService.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[2336]PCMService.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[2336]PCMService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[2336]PCMService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[2336]PCMService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[2336]PCMService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[2336]PCMService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[2336]PCMService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[2336]PCMService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[2336]PCMService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[2336]PCMService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[2336]PCMService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[2336]PCMService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[2336]PCMService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[2336]PCMService.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[2336]PCMService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[2336]PCMService.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[2336]PCMService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[2336]PCMService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[2336]PCMService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[2336]PCMService.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[2336]PCMService.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[2336]PCMService.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[2336]PCMService.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[2336]PCMService.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[2336]PCMService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[2336]PCMService.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x75B6DEAE-->00000000 [guard32.dll]
[2336]PCMService.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x75B6F862-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[2344]eDSLoader.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[2344]eDSLoader.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[2344]eDSLoader.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[2344]eDSLoader.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[2344]eDSLoader.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[2344]eDSLoader.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[2344]eDSLoader.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[2344]eDSLoader.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[2344]eDSLoader.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[2344]eDSLoader.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[2344]eDSLoader.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[2344]eDSLoader.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[2344]eDSLoader.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[2344]eDSLoader.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x75B6DEAE-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x75B6F862-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x76A38FA9-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x76A334EB-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F0 [unknown_code_page]
[2344]eDSLoader.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F1 [unknown_code_page]
[2372]SysMonitor.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[2372]SysMonitor.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[2372]SysMonitor.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[2372]SysMonitor.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[2372]SysMonitor.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[2372]SysMonitor.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[2372]SysMonitor.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[2372]SysMonitor.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[2372]SysMonitor.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[2372]SysMonitor.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[2372]SysMonitor.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[2372]SysMonitor.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[2372]SysMonitor.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[2372]SysMonitor.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[2372]SysMonitor.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[2416]cfp.exe-->advapi32.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x77C81618-->00000000 [unknown_code_page]
[2416]cfp.exe-->advapi32.dll-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x77C814E0-->00000000 [unknown_code_page]
[2416]cfp.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [unknown_code_page]
[2416]cfp.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C814C0-->00000000 [unknown_code_page]
[2416]cfp.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C81500-->00000000 [unknown_code_page]
[2416]cfp.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C816EC-->00000000 [unknown_code_page]
[2416]cfp.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->gdi32.dll-->DeleteObject, Type: IAT modification 0x080E1684-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x080E12E0-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x080E14DC-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x080E1284-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x080E1448-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->AdjustWindowRectEx, Type: IAT modification 0x080E1774-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->CallWindowProcW, Type: IAT modification 0x080E1818-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->DefWindowProcW, Type: IAT modification 0x080E1A50-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->DrawEdge, Type: IAT modification 0x080E1990-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->DrawFrameControl, Type: IAT modification 0x080E1994-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->FillRect, Type: IAT modification 0x080E1A38-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->GetScrollInfo, Type: IAT modification 0x080E1884-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->GetSysColor, Type: IAT modification 0x080E19F0-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->GetSysColorBrush, Type: IAT modification 0x080E19A8-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->GetSystemMetrics, Type: IAT modification 0x080E1A9C-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->RegisterClassW, Type: IAT modification 0x080E1A00-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->SetScrollInfo, Type: IAT modification 0x080E1B08-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->SystemParametersInfoW, Type: IAT modification 0x080E18B8-->00000000 [unknown_code_page]
[2416]cfp.exe-->ws2_32.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x4B0D11DC-->00000000 [unknown_code_page]
[2416]cfp.exe-->ws2_32.dll-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x4B0D116C-->00000000 [unknown_code_page]
[2416]cfp.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [unknown_code_page]
[2416]cfp.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x4B0D11EC-->00000000 [unknown_code_page]
[2416]cfp.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x4B0D11F0-->00000000 [unknown_code_page]
[2416]cfp.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x4B0D1228-->00000000 [unknown_code_page]
[2476]jusched.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[2476]jusched.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[2476]jusched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[2476]jusched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[2476]jusched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[2476]jusched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[2476]jusched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[2476]jusched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[2476]jusched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[2476]jusched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[2476]jusched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[2476]jusched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[2476]jusched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[2476]jusched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[2476]jusched.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[2476]jusched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[2476]jusched.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[2476]jusched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[2476]jusched.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[2476]jusched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[2476]jusched.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[2476]jusched.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[2476]jusched.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[2476]jusched.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[2476]jusched.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[2476]jusched.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[2476]jusched.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x75B6DEAE-->00000000 [guard32.dll]
[2476]jusched.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x75B6F862-->00000000 [guard32.dll]
[2532]sidebar.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[2532]sidebar.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[2532]sidebar.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[2532]sidebar.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[2532]sidebar.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[2532]sidebar.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[2532]sidebar.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[2532]sidebar.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[2532]sidebar.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[2532]sidebar.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[2532]sidebar.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[2532]sidebar.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[2532]sidebar.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[2532]sidebar.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[2532]sidebar.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[2532]sidebar.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[2532]sidebar.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[2532]sidebar.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[2532]sidebar.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[2532]sidebar.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[2532]sidebar.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[2532]sidebar.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[2532]sidebar.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[2532]sidebar.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[2532]sidebar.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[2532]sidebar.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[2532]sidebar.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x76A38FA9-->00000000 [guard32.dll]
[2532]sidebar.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x76A334EB-->00000000 [guard32.dll]
[2532]sidebar.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F0 [unknown_code_page]
[2532]sidebar.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F1 [unknown_code_page]
[2880]iexplore.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[2880]iexplore.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[2880]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[2880]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[2880]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[2880]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[2880]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[2880]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[2880]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[2880]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[2880]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[2880]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[2880]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[2880]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[2880]iexplore.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B71130-->00000000 [IEShims.dll]
[2880]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B7119C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B711BC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [IEShims.dll]
[2880]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B7111C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B71110-->00000000 [IEShims.dll]
[2880]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B71174-->00000000 [IEShims.dll]
[2880]iexplore.exe-->gdi32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77B711AC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[2880]iexplore.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[2880]iexplore.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[2880]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[2880]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[2880]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6C94123C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x770B99E8-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[2880]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[2880]iexplore.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x080E125C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateDirectoryW, Type: IAT modification 0x080E13B0-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x080E1460-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateHardLinkW, Type: IAT modification 0x080E11A8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x080E12E8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x080E13B4-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x080E132C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x080E1328-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x080E1118-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetBinaryTypeW, Type: IAT modification 0x080E1280-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesA, Type: IAT modification 0x080E1370-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesExW, Type: IAT modification 0x080E14A0-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x080E13BC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetLongPathNameW, Type: IAT modification 0x080E14E8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileIntW, Type: IAT modification 0x080E1390-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionNamesW, Type: IAT modification 0x080E1168-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionW, Type: IAT modification 0x080E1104-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x080E13A0-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameA, Type: IAT modification 0x080E136C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameW, Type: IAT modification 0x080E1428-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x080E14DC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x080E1284-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x080E1448-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x080E13C0-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x080E130C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->RemoveDirectoryW, Type: IAT modification 0x080E13AC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->ReplaceFileW, Type: IAT modification 0x080E1144-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x080E1384-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x080E14F8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x080E13B8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileSectionW, Type: IAT modification 0x080E116C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x080E1170-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->ntdll.dll-->NtQueryDirectoryFile, Type: IAT modification 0x080E2318-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[2880]iexplore.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[2880]iexplore.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[2880]iexplore.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[2880]iexplore.exe-->shell32.dll-->user32.dll-->LoadImageW, Type: IAT modification 0x080E1890-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->user32.dll-->PrivateExtractIconsW, Type: IAT modification 0x080E1A6C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->user32.dll-->WinHelpW, Type: IAT modification 0x080E191C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x77D5154C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->advapi32.dll-->RegDeleteKeyW, Type: IAT modification 0x77D51544-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->advapi32.dll-->RegEnumValueW, Type: IAT modification 0x77D51524-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryInfoKeyW, Type: IAT modification 0x77D51520-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x77D5152C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x757A8C33-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->CreateDialogIndirectParamA, Type: Inline - RelativeJump 0x757C27CD-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->CreateDialogIndirectParamW, Type: Inline - RelativeJump 0x757C9AFA-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x757C16FD-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x757D1C58-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x757B3D67-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x757E83DD-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x757ABD25-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x757E80B2-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x757C1FD5-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->EnableWindow, Type: Inline - RelativeJump 0x757ADC79-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->EndDialog, Type: Inline - RelativeJump 0x757AC178-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[2880]iexplore.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - RelativeJump 0x757A8DF4-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->GetKeyState, Type: Inline - RelativeJump 0x757B87C7-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->IsDialogMessage, Type: Inline - RelativeJump 0x757C179A-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->IsDialogMessageW, Type: Inline - RelativeJump 0x757B99AE-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x77D511E4-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77D511EC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77D511E8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x77D51328-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77D51154-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x77D511D8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x77D512BC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->keybd_event, Type: Inline - RelativeJump 0x757FD93C-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x757FD5D1-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x757FD5F5-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x757FD471-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x757FD56B-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump 0x757ABEE7-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->SetCursorPos, Type: Inline - RelativeJump 0x757E6F1A-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->SetKeyboardState, Type: Inline - RelativeJump 0x757D1ECE-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x757A7B69-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x757D08BE-->00000000 [ieframe.dll]
[2880]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [IEShims.dll]
[2880]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [IEShims.dll]
[3060]MemCheck.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3060]MemCheck.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3060]MemCheck.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3060]MemCheck.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3060]MemCheck.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3060]MemCheck.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3060]MemCheck.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3060]MemCheck.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3060]MemCheck.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3060]MemCheck.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3060]MemCheck.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3060]MemCheck.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3060]MemCheck.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3060]MemCheck.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3060]MemCheck.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3060]MemCheck.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3060]MemCheck.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3060]MemCheck.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3060]MemCheck.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3060]MemCheck.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3060]MemCheck.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3060]MemCheck.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[3060]MemCheck.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[3060]MemCheck.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[3060]MemCheck.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[3060]MemCheck.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 59 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware