Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

How to remove Rogue.AntiVirusPC2009

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 10th, 2010, 2:26 pm

2. continued

[3136]CLCapSvc.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3136]CLCapSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3136]CLCapSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3136]CLCapSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3136]CLCapSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3136]CLCapSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3136]CLCapSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3136]CLCapSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3136]CLCapSvc.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3136]CLCapSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3136]CLCapSvc.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3136]CLCapSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3136]CLCapSvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3136]CLCapSvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3136]CLCapSvc.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[3152]eDSService.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3152]eDSService.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3152]eDSService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3152]eDSService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3152]eDSService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3152]eDSService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3152]eDSService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3152]eDSService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3152]eDSService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3152]eDSService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3152]eDSService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3152]eDSService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3152]eDSService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3152]eDSService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3152]eDSService.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3152]eDSService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3152]eDSService.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3152]eDSService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3152]eDSService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3152]eDSService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3152]eDSService.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3152]eDSService.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[3152]eDSService.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[3152]eDSService.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[3152]eDSService.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[3152]eDSService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[3152]eDSService.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x75B6DEAE-->00000000 [guard32.dll]
[3152]eDSService.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x75B6F862-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3260]LSSrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3260]LSSrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3260]LSSrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3260]LSSrvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3260]LSSrvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3260]LSSrvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3260]LSSrvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3260]LSSrvc.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3260]LSSrvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3260]LSSrvc.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3260]LSSrvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3260]LSSrvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3260]LSSrvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3260]LSSrvc.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[3352]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3352]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3352]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3352]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3352]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3352]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3352]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3352]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3352]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3352]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3352]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3352]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3352]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3352]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3352]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3352]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3352]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3352]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3352]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3352]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3352]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3352]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[3372]taskeng.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3372]taskeng.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3372]taskeng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3372]taskeng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3372]taskeng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3372]taskeng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3372]taskeng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3372]taskeng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3372]taskeng.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3372]taskeng.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3372]taskeng.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3372]taskeng.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3372]taskeng.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3372]taskeng.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3372]taskeng.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3372]taskeng.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3372]taskeng.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3372]taskeng.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3372]taskeng.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3372]taskeng.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3372]taskeng.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3372]taskeng.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[3372]taskeng.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[3372]taskeng.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[3372]taskeng.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[3372]taskeng.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[3380]RichVideo.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3380]RichVideo.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3380]RichVideo.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3380]RichVideo.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3380]RichVideo.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3380]RichVideo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3380]RichVideo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3380]RichVideo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3380]RichVideo.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3380]RichVideo.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3380]RichVideo.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3380]RichVideo.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3380]RichVideo.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3380]RichVideo.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3380]RichVideo.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3380]RichVideo.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3380]RichVideo.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3380]RichVideo.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3380]RichVideo.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3380]RichVideo.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3380]RichVideo.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3380]RichVideo.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[3380]RichVideo.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[3380]RichVideo.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[3380]RichVideo.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[3380]RichVideo.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am
Advertisement
Register to Remove

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 10th, 2010, 2:27 pm

2. continued

[3404]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3404]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3404]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3404]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3404]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3404]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3404]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3404]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3404]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3404]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3404]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3404]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3404]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3404]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3404]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3404]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3404]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3404]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3404]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3404]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3404]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3404]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3404]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3404]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3404]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3404]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3404]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3404]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3404]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3404]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3404]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3404]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3404]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3404]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3404]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3404]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3404]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3404]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3404]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3404]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[3464]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3464]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3464]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3464]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3464]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3464]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3464]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3464]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3464]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3464]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3464]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3464]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3464]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3464]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3464]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3464]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3464]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3464]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3464]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3464]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3464]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3464]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3464]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3464]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3464]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3464]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3464]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3464]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3464]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3464]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3464]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3464]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3464]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3464]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3464]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3464]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3464]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3464]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3464]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3464]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3520]SearchIndexer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3520]SearchIndexer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3520]SearchIndexer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3520]SearchIndexer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3520]SearchIndexer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3520]SearchIndexer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3520]SearchIndexer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3520]SearchIndexer.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3520]SearchIndexer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3520]SearchIndexer.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3520]SearchIndexer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3520]SearchIndexer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3520]SearchIndexer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3520]SearchIndexer.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[3520]SearchIndexer.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3588]eRecoveryService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3588]eRecoveryService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3588]eRecoveryService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3588]eRecoveryService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3588]eRecoveryService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3588]eRecoveryService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3588]eRecoveryService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3588]eRecoveryService.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3588]eRecoveryService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3588]eRecoveryService.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3588]eRecoveryService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3588]eRecoveryService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3588]eRecoveryService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3588]eRecoveryService.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[3588]eRecoveryService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 10th, 2010, 2:28 pm

2. continued

[3712]CLSched.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3712]CLSched.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3712]CLSched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3712]CLSched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3712]CLSched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3712]CLSched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3712]CLSched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3712]CLSched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3712]CLSched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3712]CLSched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3712]CLSched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3712]CLSched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3712]CLSched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3712]CLSched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3712]CLSched.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3712]CLSched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3712]CLSched.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3712]CLSched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3712]CLSched.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3712]CLSched.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3712]CLSched.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3712]CLSched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3712]CLSched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3712]CLSched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3712]CLSched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3712]CLSched.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3712]CLSched.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3712]CLSched.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3712]CLSched.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3712]CLSched.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3712]CLSched.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3712]CLSched.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3712]CLSched.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3712]CLSched.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3712]CLSched.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3712]CLSched.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3712]CLSched.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3712]CLSched.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3712]CLSched.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3712]CLSched.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3772]WUDFHost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3772]WUDFHost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3772]WUDFHost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3772]WUDFHost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3772]WUDFHost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3772]WUDFHost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3772]WUDFHost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3772]WUDFHost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3772]WUDFHost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3772]WUDFHost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3772]WUDFHost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3772]WUDFHost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3772]WUDFHost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3772]WUDFHost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3772]WUDFHost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3840]WmiPrvSE.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3840]WmiPrvSE.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3840]WmiPrvSE.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3840]WmiPrvSE.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3840]WmiPrvSE.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3840]WmiPrvSE.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3840]WmiPrvSE.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3840]WmiPrvSE.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3840]WmiPrvSE.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3840]WmiPrvSE.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3840]WmiPrvSE.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3840]WmiPrvSE.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3840]WmiPrvSE.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3840]WmiPrvSE.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x76A38FA9-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x76A334EB-->00000000 [guard32.dll]
[3840]WmiPrvSE.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F0 [unknown_code_page]
[3840]WmiPrvSE.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F1 [unknown_code_page]
[3944]mobsync.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3944]mobsync.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3944]mobsync.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3944]mobsync.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3944]mobsync.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3944]mobsync.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3944]mobsync.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3944]mobsync.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3944]mobsync.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3944]mobsync.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3944]mobsync.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3944]mobsync.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3944]mobsync.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3944]mobsync.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3944]mobsync.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3944]mobsync.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3944]mobsync.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3944]mobsync.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3944]mobsync.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3944]mobsync.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3944]mobsync.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3944]mobsync.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3944]mobsync.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3944]mobsync.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3944]mobsync.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3944]mobsync.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3944]mobsync.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3944]mobsync.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3944]mobsync.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3944]mobsync.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3944]mobsync.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3944]mobsync.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3944]mobsync.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3944]mobsync.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3944]mobsync.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3944]mobsync.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3944]mobsync.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3944]mobsync.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3944]mobsync.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3944]mobsync.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[3944]mobsync.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[3944]mobsync.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[3944]mobsync.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[3944]mobsync.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 10th, 2010, 2:29 pm

2. continued

[5560]taskeng.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[5560]taskeng.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[5560]taskeng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[5560]taskeng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[5560]taskeng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[5560]taskeng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[5560]taskeng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[5560]taskeng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[5560]taskeng.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[5560]taskeng.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[5560]taskeng.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[5560]taskeng.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[5560]taskeng.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[5560]taskeng.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[5560]taskeng.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[5560]taskeng.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[5560]taskeng.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[5560]taskeng.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[5560]taskeng.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[5560]taskeng.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[5560]taskeng.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[5560]taskeng.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[5560]taskeng.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[5560]taskeng.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[5560]taskeng.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[5560]taskeng.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[5560]taskeng.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[5560]taskeng.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[5560]taskeng.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[5560]taskeng.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[5560]taskeng.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[5560]taskeng.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[5560]taskeng.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[5560]taskeng.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[5560]taskeng.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[5560]taskeng.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[5560]taskeng.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[5560]taskeng.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[5560]taskeng.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[5560]taskeng.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[5560]taskeng.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[5560]taskeng.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[5560]taskeng.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[5560]taskeng.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[5580]conime.exe-->ntdll.dll-->NtTestAlert, Type: Inline - RelativeJump 0x770B9148-->00000000 [unknown_code_page]
[5708]conime.exe-->ntdll.dll-->NtTestAlert, Type: Inline - RelativeJump 0x770B9148-->00000000 [unknown_code_page]
[6016]conime.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[6016]conime.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[6016]conime.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[6016]conime.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[6016]conime.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[6016]conime.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[6016]conime.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[6016]conime.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[6016]conime.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[6016]conime.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[6016]conime.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[6016]conime.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[6016]conime.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[6016]conime.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[6016]conime.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[6016]conime.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[6016]conime.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[6016]conime.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[6016]conime.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[6016]conime.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[6016]conime.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[6016]conime.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[6016]conime.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[6016]conime.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[6016]conime.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[6016]conime.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[6016]conime.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[6016]conime.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[6016]conime.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[6016]conime.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[6016]conime.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[6016]conime.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[6016]conime.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[6016]conime.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[6016]conime.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[6016]conime.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[6016]conime.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[6016]conime.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[6016]conime.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[6016]conime.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[648]wininit.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[648]wininit.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[648]wininit.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[648]wininit.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[648]wininit.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[648]wininit.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[648]wininit.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[648]wininit.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[648]wininit.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[648]wininit.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[648]wininit.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[648]wininit.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[648]wininit.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[648]wininit.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[648]wininit.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[648]wininit.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[648]wininit.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[648]wininit.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[648]wininit.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[648]wininit.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[648]wininit.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[648]wininit.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[648]wininit.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[648]wininit.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[648]wininit.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[648]wininit.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[648]wininit.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[648]wininit.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[648]wininit.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[648]wininit.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[648]wininit.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[648]wininit.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[648]wininit.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[648]wininit.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[648]wininit.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[648]wininit.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[648]wininit.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[648]wininit.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[648]wininit.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[648]wininit.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[648]wininit.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x76A38FA9-->00000000 [guard32.dll]
[648]wininit.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x76A334EB-->00000000 [guard32.dll]
[648]wininit.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F0 [unknown_code_page]
[648]wininit.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F1 [unknown_code_page]
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 10th, 2010, 2:30 pm

2. continued

[692]services.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[692]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[692]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[692]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[692]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[692]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[692]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[692]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[692]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[692]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[692]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[692]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[692]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[692]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[692]services.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[692]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[692]services.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[692]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[692]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[692]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[692]services.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[692]services.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[692]services.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[692]services.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[692]services.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[692]services.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[692]services.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[692]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[692]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[692]services.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[692]services.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[692]services.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[692]services.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[692]services.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[692]services.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[692]services.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[692]services.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[692]services.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[692]services.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[692]services.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[744]lsass.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[744]lsass.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[744]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[744]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[744]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[744]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[744]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[744]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[744]lsass.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[744]lsass.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[744]lsass.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[744]lsass.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[744]lsass.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[744]lsass.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[744]lsass.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[744]lsass.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[744]lsass.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[744]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[744]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[744]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[744]lsass.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[744]lsass.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[744]lsass.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[744]lsass.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[744]lsass.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[744]lsass.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[744]lsass.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[744]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[744]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[744]lsass.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[744]lsass.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[744]lsass.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[744]lsass.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[744]lsass.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[744]lsass.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[744]lsass.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[744]lsass.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[744]lsass.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[744]lsass.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[744]lsass.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[744]lsass.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x76A38FA9-->00000000 [guard32.dll]
[744]lsass.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x76A334EB-->00000000 [guard32.dll]
[744]lsass.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F0 [unknown_code_page]
[744]lsass.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F1 [unknown_code_page]
[756]lsm.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[756]lsm.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[756]lsm.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[756]lsm.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[756]lsm.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[756]lsm.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[756]lsm.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[756]lsm.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[756]lsm.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[756]lsm.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[756]lsm.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[756]lsm.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[756]lsm.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[756]lsm.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[756]lsm.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[756]lsm.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[756]lsm.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[756]lsm.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[756]lsm.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[756]lsm.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[756]lsm.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[756]lsm.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[756]lsm.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[756]lsm.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[756]lsm.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[756]lsm.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[756]lsm.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[756]lsm.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[756]lsm.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[756]lsm.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[756]lsm.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[756]lsm.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[756]lsm.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[756]lsm.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[756]lsm.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[756]lsm.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[756]lsm.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[756]lsm.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[756]lsm.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[756]lsm.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[936]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[936]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[936]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[936]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[936]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[936]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[936]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[936]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[936]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[936]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[936]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[936]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[936]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[936]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[936]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[936]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[936]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[936]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[936]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[936]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[936]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[936]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[936]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[936]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[936]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[936]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[936]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[936]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[936]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[936]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[936]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[936]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[936]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[936]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[936]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[936]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[936]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[936]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[936]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[936]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am

Re: How to remove Rogue.AntiVirusPC2009

Unread postby deltalima » December 10th, 2010, 2:33 pm

OK, please follow the last post here and run TDSSKiller.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 10th, 2010, 2:55 pm

deltalima wrote:Hi pfge,

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on you're desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.


Image

2010/12/11 02:37:24.0273 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/11 02:37:24.0273 ================================================================================
2010/12/11 02:37:24.0273 SystemInfo:
2010/12/11 02:37:24.0273
2010/12/11 02:37:24.0273 OS Version: 6.0.6001 ServicePack: 1.0
2010/12/11 02:37:24.0273 Product type: Workstation
2010/12/11 02:37:24.0273 ComputerName: ACER-PC
2010/12/11 02:37:24.0273 UserName: acer
2010/12/11 02:37:24.0273 Windows directory: C:\Windows
2010/12/11 02:37:24.0273 System windows directory: C:\Windows
2010/12/11 02:37:24.0273 Processor architecture: Intel x86
2010/12/11 02:37:24.0273 Number of processors: 2
2010/12/11 02:37:24.0273 Page size: 0x1000
2010/12/11 02:37:24.0273 Boot type: Normal boot
2010/12/11 02:37:24.0273 ================================================================================
2010/12/11 02:37:25.0037 Initialize success
2010/12/11 02:37:40.0918 ================================================================================
2010/12/11 02:37:40.0918 Scan started
2010/12/11 02:37:40.0918 Mode: Manual;
2010/12/11 02:37:40.0918 ================================================================================
2010/12/11 02:37:41.0417 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2010/12/11 02:37:41.0479 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/12/11 02:37:41.0573 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/12/11 02:37:41.0635 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/12/11 02:37:41.0682 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/12/11 02:37:41.0823 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2010/12/11 02:37:41.0885 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/11 02:37:41.0947 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2010/12/11 02:37:42.0010 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2010/12/11 02:37:42.0072 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2010/12/11 02:37:42.0135 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/12/11 02:37:42.0181 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/12/11 02:37:42.0291 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/12/11 02:37:42.0369 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/12/11 02:37:42.0431 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/11 02:37:42.0509 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2010/12/11 02:37:42.0649 AVGIDSEH (20a2d48722cf055c846bdeafa4f733ce) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2010/12/11 02:37:42.0712 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/12/11 02:37:42.0915 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/11 02:37:42.0993 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/11 02:37:43.0086 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/11 02:37:43.0164 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/11 02:37:43.0242 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/11 02:37:43.0305 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/11 02:37:43.0351 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/11 02:37:43.0414 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/12/11 02:37:43.0476 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/11 02:37:43.0539 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/11 02:37:43.0663 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/12/11 02:37:43.0741 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2010/12/11 02:37:43.0913 cmderd (b7674a33153d027403032f79e831ee92) C:\Windows\system32\DRIVERS\cmderd.sys
2010/12/11 02:37:43.0975 cmdGuard (594002171dd9f6f8a1600174f1e20efd) C:\Windows\system32\DRIVERS\cmdguard.sys
2010/12/11 02:37:44.0163 cmdHlp (190959127a956528d14fb9bc056241b3) C:\Windows\system32\DRIVERS\cmdhlp.sys
2010/12/11 02:37:44.0334 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2010/12/11 02:37:44.0397 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2010/12/11 02:37:44.0459 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/12/11 02:37:44.0506 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/12/11 02:37:44.0693 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2010/12/11 02:37:44.0755 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2010/12/11 02:37:44.0849 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/12/11 02:37:44.0927 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/11 02:37:44.0989 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/11 02:37:45.0067 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2010/12/11 02:37:45.0145 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/12/11 02:37:45.0286 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2010/12/11 02:37:45.0333 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2010/12/11 02:37:45.0426 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/11 02:37:45.0520 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/12/11 02:37:45.0582 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/12/11 02:37:45.0629 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/11 02:37:45.0691 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2010/12/11 02:37:45.0785 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/11 02:37:45.0832 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/11 02:37:45.0925 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/12/11 02:37:46.0035 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/11 02:37:46.0097 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/12/11 02:37:46.0206 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/12/11 02:37:46.0300 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/11 02:37:46.0409 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/12/11 02:37:46.0487 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
2010/12/11 02:37:46.0581 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/12/11 02:37:46.0643 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/11 02:37:46.0705 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/12/11 02:37:46.0830 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/11 02:37:46.0955 inspect (17b9e77307cf3b2b5102e17f444c10be) C:\Windows\system32\DRIVERS\inspect.sys
2010/12/11 02:37:47.0049 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
2010/12/11 02:37:47.0329 IntcAzAudAddService (75334eceef6f39eec569f2f445254eda) C:\Windows\system32\drivers\RTKVHDA.sys
2010/12/11 02:37:47.0563 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2010/12/11 02:37:47.0641 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/11 02:37:47.0735 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/11 02:37:47.0907 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/11 02:37:48.0000 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/11 02:37:48.0078 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/12/11 02:37:48.0141 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2010/12/11 02:37:48.0234 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/11 02:37:48.0281 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/11 02:37:48.0343 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/11 02:37:48.0406 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/11 02:37:48.0468 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/11 02:37:48.0562 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/11 02:37:48.0702 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/11 02:37:48.0811 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/11 02:37:48.0874 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/11 02:37:48.0967 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/11 02:37:49.0045 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/12/11 02:37:49.0108 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/12/11 02:37:49.0217 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/12/11 02:37:49.0279 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/11 02:37:49.0404 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/11 02:37:49.0498 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/11 02:37:49.0591 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/12/11 02:37:49.0685 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/12/11 02:37:49.0763 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/11 02:37:49.0966 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/11 02:37:50.0200 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2010/12/11 02:37:50.0247 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/11 02:37:50.0340 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/11 02:37:50.0403 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/11 02:37:50.0496 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2010/12/11 02:37:50.0559 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/12/11 02:37:50.0715 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/12/11 02:37:50.0917 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/12/11 02:37:51.0058 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/11 02:37:51.0105 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/11 02:37:51.0151 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/12/11 02:37:51.0214 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2010/12/11 02:37:51.0323 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/11 02:37:51.0417 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/12/11 02:37:51.0495 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2010/12/11 02:37:51.0651 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/11 02:37:51.0713 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2010/12/11 02:37:51.0869 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/11 02:37:51.0916 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/11 02:37:51.0994 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/11 02:37:52.0103 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/12/11 02:37:52.0165 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/11 02:37:52.0259 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/11 02:37:52.0399 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/11 02:37:52.0540 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2010/12/11 02:37:52.0649 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/11 02:37:52.0805 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2010/12/11 02:37:52.0930 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2010/12/11 02:37:52.0977 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/11 02:37:53.0039 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/12/11 02:37:53.0164 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/12/11 02:37:53.0211 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/12/11 02:37:53.0257 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2010/12/11 02:37:53.0460 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/11 02:37:53.0601 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2010/12/11 02:37:53.0647 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2010/12/11 02:37:53.0741 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2010/12/11 02:37:53.0803 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2010/12/11 02:37:53.0850 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/12/11 02:37:53.0959 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/12/11 02:37:54.0037 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/11 02:37:54.0318 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/11 02:37:54.0365 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/12/11 02:37:54.0459 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/11 02:37:54.0505 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys
2010/12/11 02:37:54.0537 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys
2010/12/11 02:37:54.0599 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys
2010/12/11 02:37:54.0646 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2010/12/11 02:37:54.0739 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/12/11 02:37:54.0849 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/11 02:37:54.0989 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/11 02:37:55.0051 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/11 02:37:55.0176 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/11 02:37:55.0301 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/11 02:37:55.0395 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/11 02:37:55.0504 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/11 02:37:55.0566 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/11 02:37:55.0691 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2010/12/11 02:37:55.0769 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/11 02:37:55.0894 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2010/12/11 02:37:56.0065 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/11 02:37:56.0143 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/11 02:37:56.0315 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/11 02:37:56.0424 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/11 02:37:56.0487 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2010/12/11 02:37:56.0580 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/11 02:37:56.0736 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2010/12/11 02:37:56.0783 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/11 02:37:56.0877 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/11 02:37:56.0939 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/11 02:37:57.0033 SiS6350 (4fbd2c53c1e04f8e35c96747984fde13) C:\Windows\system32\DRIVERS\SISGRKMD.sys
2010/12/11 02:37:57.0235 SISAGP (df1af7f5f1ec7800b3ac398acc06c754) C:\Windows\system32\DRIVERS\SISAGPX.sys
2010/12/11 02:37:57.0298 SiSGbeLH (f3c4c6c4daf2212ac905475ed0f0fb1b) C:\Windows\system32\DRIVERS\SiSGB6.sys
2010/12/11 02:37:57.0376 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/12/11 02:37:57.0438 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/12/11 02:37:57.0532 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2010/12/11 02:37:57.0688 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/11 02:37:57.0766 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2010/12/11 02:37:57.0875 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/11 02:37:57.0953 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/11 02:37:58.0156 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/11 02:37:58.0312 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/11 02:37:58.0374 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/11 02:37:58.0499 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/11 02:37:58.0624 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\Windows\system32\DRIVERS\tapvpn.sys
2010/12/11 02:37:58.0749 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2010/12/11 02:37:58.0889 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/11 02:37:58.0951 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/11 02:37:59.0029 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/11 02:37:59.0123 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/11 02:37:59.0201 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/11 02:37:59.0279 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/11 02:37:59.0451 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/11 02:37:59.0513 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/11 02:37:59.0638 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/11 02:37:59.0700 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/11 02:37:59.0778 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/11 02:37:59.0919 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/11 02:37:59.0997 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/12/11 02:38:00.0090 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/11 02:38:00.0153 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/11 02:38:00.0231 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/11 02:38:00.0371 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/11 02:38:00.0433 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/11 02:38:00.0558 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/11 02:38:00.0621 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/11 02:38:00.0730 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/11 02:38:00.0823 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2010/12/11 02:38:00.0917 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/11 02:38:00.0995 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/11 02:38:01.0120 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/11 02:38:01.0182 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/11 02:38:01.0291 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/12/11 02:38:01.0385 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/12/11 02:38:01.0479 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2010/12/11 02:38:01.0572 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/11 02:38:01.0650 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2010/12/11 02:38:01.0728 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2010/12/11 02:38:01.0822 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/12/11 02:38:01.0978 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/11 02:38:02.0056 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/11 02:38:02.0103 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/11 02:38:02.0227 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/12/11 02:38:02.0305 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/11 02:38:02.0586 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2010/12/11 02:38:02.0711 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/11 02:38:02.0836 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/11 02:38:02.0976 ================================================================================
2010/12/11 02:38:02.0976 Scan finished
2010/12/11 02:38:02.0976 ================================================================================
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am

Re: How to remove Rogue.AntiVirusPC2009

Unread postby deltalima » December 10th, 2010, 3:31 pm

Hi pfge,

Please run RKill then run Malwarebytes, update and run a quick scan then post the log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 10th, 2010, 8:47 pm

1. run Rkill

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on /12/11 星期六 at 8:27:00.
Operating System: Windows Vista (TM) Home Basic


Processes terminated by Rkill or while it was running:



Rkill completed on /12/11 星期六 at 8:27:18.


2. run Malwarebytes

Image

Malwarebytes' Anti-Malware 1.50
http://www.malwarebytes.org

資料庫版本: 5291

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

2010/12/11 上午 08:38:54
mbam-log-2010-12-11 (08-38-54).txt

掃描類型: 快速掃描 (quick scanning)
被掃描物件 (scanned object) 數量 (number): 135251
總共掃描時間 (total scanning time): 4 分鐘, 43 秒

被感染 (Infected) 記憶體 (memory) 進程數量 (number): 0
被感染記憶體模組數量: 0
被感染註冊表項目數量: 0
被感染註冊表值數量: 0
被感染註冊表資料項目數量: 0
被感染資料夾 (Infected folder) 數量: 1
被感染檔案數量: 0

被感染記憶體進程數量:
(沒有檢測到有害項目)(Do not detect any harmful item)

被感染記憶體模組數量:
(沒有檢測到有害項目)

被感染註冊表項目數量:
(沒有檢測到有害項目)

被感染註冊表值數量:
(沒有檢?
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am

Re: How to remove Rogue.AntiVirusPC2009

Unread postby deltalima » December 11th, 2010, 5:50 am

Hi pfge,

That item says "No Action taken", please choose to delete that item then run a new scan and post the log.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 11th, 2010, 8:39 am

I had deleted the infected one using Malwarebytes last time.

I change language to English this time.

Image

Malwarebytes' Anti-Malware 1.50
http://www.malwarebytes.org

Database version: 5291

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

2010/12/11 下午 08:31:58
mbam-log-2010-12-11 (20-31-58).txt

Scan type: Quick scan
Objects scanned: 135484
Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am

Re: How to remove Rogue.AntiVirusPC2009

Unread postby deltalima » December 11th, 2010, 12:24 pm

Hi pfge,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :files
    c:\program files\antivirus pc 2009\quarantine
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Download SystemLook and save it to your Desktop.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :dir
    c:\program files\antivirus pc 2009 /sub
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Now please run a quick scan with Malwarebytes and post the log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 11th, 2010, 1:12 pm

1. run OTL

All processes killed
========== FILES ==========
File\Folder c:\program files\antivirus pc 2009\quarantine not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: acer
->Temp folder emptied: 523815 bytes
->Temporary Internet Files folder emptied: 11437043 bytes
->Java cache emptied: 114455768 bytes
->FireFox cache emptied: 79262222 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 11143 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 529164 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 197.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12122010_004355

Files\Folders moved on Reboot...
C:\Users\acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L6YHX3IR\viewtopic[1].htm moved successfully.
C:\Users\acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


2. run SystemLook

SystemLook 04.09.10 by jpshortstuff
Log created at 01:03 on 12/12/2010 by acer
Administrator - Elevation successful

========== dir ==========

c:\program files\antivirus pc 2009 - Unable to find folder.

-= EOF =-


3. run Malwarebytes

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5296

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

2010/12/12 上午 01:11:32
mbam-log-2010-12-12 (01-11-32).txt

Scan type: Quick scan
Objects scanned: 135053
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am

Re: How to remove Rogue.AntiVirusPC2009

Unread postby deltalima » December 11th, 2010, 1:29 pm

Hi pfge,

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :dir
    c:\program files
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: How to remove Rogue.AntiVirusPC2009

Unread postby pfge » December 11th, 2010, 8:16 pm

run SystemLook


SystemLook 04.09.10 by jpshortstuff
Log created at 08:14 on 12/12/2010 by acer
Administrator - Elevation successful

========== dir ==========

c:\program files - Parameters: "(none)"

---Files---
desktop.ini --ahs-- 174 bytes [12:48 02/11/2006] [16:49 20/04/2008]
TakeOwn(Get ownership of files).zip --a---- 356059 bytes [12:33 04/01/2009] [12:45 04/01/2009]

---Folders---
7-Zip d------ [10:30 25/03/2010]
Absolute Uninstaller d------ [14:30 04/01/2009]
Acer Inc d------ [06:23 25/09/2007]
Adobe d------ [02:57 11/07/2007]
AML Products d------ [23:14 08/11/2010]
Autoruns d------ [01:29 28/07/2010]
CCleaner d------ [12:09 14/03/2009]
Common Files d------ [11:18 02/11/2006]
COMODO d------ [00:57 04/10/2010]
Cyberlink d------ [03:24 11/07/2007]
Google d------ [12:32 26/02/2008]
InstallShield Installation Information d--h--- [03:02 11/07/2007]
Internet Explorer d------ [11:18 02/11/2006]
Java d------ [12:13 08/02/2008]
K-Lite Codec Pack d------ [04:19 14/08/2010]
Malwarebytes' Anti-Malware d------ [11:35 14/04/2010]
Microsoft d------ [23:21 23/04/2009]
Microsoft Games d------ [12:35 02/11/2006]
Microsoft Silverlight d------ [13:07 07/04/2008]
Microsoft Works d------ [03:10 11/07/2007]
Microsoft.NET d------ [20:01 20/05/2010]
Movie Maker d------ [12:35 02/11/2006]
Mozilla Firefox d------ [11:28 15/01/2009]
MSBuild d------ [12:35 02/11/2006]
MSECACHE d------ [06:04 16/06/2008]
MSXML 4.0 d------ [01:03 13/12/2007]
NCH Software d------ [05:01 04/12/2008]
NewTech Infosystems d------ [03:34 11/07/2007]
OpenOffice.org 3 d------ [09:19 27/11/2008]
PhotoScape d------ [11:16 25/01/2009]
Picasa35 d------ [12:36 26/02/2008]
PicPick d------ [11:45 16/04/2010]
Realtek d------ [03:02 11/07/2007]
Reference Assemblies d------ [12:35 02/11/2006]
SiS VGA Utilities d------ [06:19 25/09/2007]
SpeedBit Video Accelerator d------ [06:22 03/04/2010]
Tacmi d------ [05:57 15/10/2010]
Temp d------ [23:41 09/12/2010]
Trend Micro d------ [13:19 04/02/2008]
TWCA d------ [22:55 01/08/2008]
Uninstall Information d--h--- [12:58 02/11/2006]
WebShot d------ [07:06 23/08/2010]
Windows Calendar d------ [12:35 02/11/2006]
Windows Collaboration d------ [12:35 02/11/2006]
Windows Defender d------ [12:35 02/11/2006]
Windows Installer Clean Up d------ [02:04 01/01/2009]
Windows Live d------ [11:10 30/03/2008]
Windows Mail d------ [11:18 02/11/2006]
Windows Media Player d------ [12:35 02/11/2006]
Windows NT d------ [11:18 02/11/2006]
Windows Photo Gallery d------ [12:35 02/11/2006]
Windows Sidebar d------ [12:35 02/11/2006]
Woopra d------ [15:55 03/02/2009]

-= EOF =-
pfge
Regular Member
 
Posts: 33
Joined: February 4th, 2008, 9:47 am
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 479 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware