Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

corrupt system restore + virus scanner not detecting

Re: corrupt system restore + virus scanner not detecting

by quazzer » July 26th, 2010, 4:57 pm

[2019/03/07 18:56:50 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\encapi.dll
[2019/03/07 18:56:50 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dswave.dll
[2019/03/07 18:56:50 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dvdupgrd.exe
[2019/03/07 18:56:50 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\esentprf.dll
[2019/03/07 18:56:50 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esentprf.dll
[2019/03/07 18:56:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fmifs.dll
[2019/03/07 18:56:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fmifs.dll
[2019/03/07 18:56:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ds32gt.dll
[2019/03/07 18:56:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ds32gt.dll
[2019/03/07 18:56:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\expand.exe
[2019/03/07 18:56:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\expand.exe
[2019/03/07 18:56:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fc.exe
[2019/03/07 18:56:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fc.exe
[2019/03/07 18:56:50 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys
[2019/03/07 18:56:50 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxapi.sys
[2019/03/07 18:56:50 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gpkrsrc.dll
[2019/03/07 18:56:50 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\framebuf.dll
[2019/03/07 18:56:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\finger.exe
[2019/03/07 18:56:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\finger.exe
[2019/03/07 18:56:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\find.exe
[2019/03/07 18:56:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\find.exe
[2019/03/07 18:56:50 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eventvwr.exe
[2019/03/07 18:56:50 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eventvwr.exe
[2019/03/07 18:56:50 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fs_rec.sys
[2019/03/07 18:56:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\forcedos.exe
[2019/03/07 18:56:50 | 000,004,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ds16gt.dLL
[2019/03/07 18:56:50 | 000,004,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ds16gt.dll
[2019/03/07 18:56:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsprpres.dll
[2019/03/07 18:56:50 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys
[2019/03/07 18:56:50 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxgthk.sys
[2019/03/07 18:56:50 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fixmapi.exe
[2019/03/07 18:56:50 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fixmapi.exe
[2019/03/07 18:56:47 | 002,091,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdosys.dll
[2019/03/07 18:56:47 | 002,091,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdosys.dll
[2019/03/07 18:56:47 | 001,689,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d9.dll
[2019/03/07 18:56:47 | 001,179,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d8.dll
[2019/03/07 18:56:47 | 001,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\danim.dll
[2019/03/07 18:56:47 | 000,847,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dbgeng.dll
[2019/03/07 18:56:47 | 000,847,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbgeng.dll
[2019/03/07 18:56:47 | 000,824,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dim700.dll
[2019/03/07 18:56:47 | 000,640,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbghelp.dll
[2019/03/07 18:56:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2019/03/07 18:56:47 | 000,512,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cryptui.dll
[2019/03/07 18:56:47 | 000,457,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmgr.dll
[2019/03/07 18:56:47 | 000,457,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\certmgr.dll
[2019/03/07 18:56:47 | 000,436,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim.dll
[2019/03/07 18:56:47 | 000,436,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dim.dll
[2019/03/07 18:56:47 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shellstyle.dll
[2019/03/07 18:56:47 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\class_ss.dll
[2019/03/07 18:56:47 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diactfrm.dll
[2019/03/07 18:56:47 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\diactfrm.dll
[2019/03/07 18:56:47 | 000,379,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpmon.dll
[2019/03/07 18:56:47 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnet.dll
[2019/03/07 18:56:47 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cards.dll
[2019/03/07 18:56:47 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cards.dll
[2019/03/07 18:56:47 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\confmsp.dll
[2019/03/07 18:56:47 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3drm.dll
[2019/03/07 18:56:47 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3drm.dll
[2019/03/07 18:56:47 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tourstart.exe
[2019/03/07 18:56:47 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmdial32.dll
[2019/03/07 18:56:47 | 000,330,752 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\dmconfig.dll
[2019/03/07 18:56:47 | 000,330,752 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\dllcache\dmconfig.dll
[2019/03/07 18:56:47 | 000,285,184 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dmdlgs.dll
[2019/03/07 18:56:47 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devmgr.dll
[2019/03/07 18:56:47 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ddraw.dll
[2019/03/07 18:56:47 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dplayx.dll
[2019/03/07 18:56:47 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\compstui.dll
[2019/03/07 18:56:47 | 000,212,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvoice.dll
[2019/03/07 18:56:47 | 000,200,704 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dmdskmgr.dll
[2019/03/07 18:56:47 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certcli.dll
[2019/03/07 18:56:47 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\certcli.dll
[2019/03/07 18:56:47 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dinput8.dll
[2019/03/07 18:56:47 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmime.dll
[2019/03/07 18:56:47 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\datime.dll
[2019/03/07 18:56:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\diskpart.exe
[2019/03/07 18:56:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credui.dll
[2019/03/07 18:56:47 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ciadmin.dll
[2019/03/07 18:56:47 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ciadmin.dll
[2019/03/07 18:56:47 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dinput.dll
[2019/03/07 18:56:47 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\daxctle.ocx
[2019/03/07 18:56:47 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdfview.dll
[2019/03/07 18:56:47 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\capesnpn.dll
[2019/03/07 18:56:47 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capesnpn.dll
[2019/03/07 18:56:47 | 000,149,019 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crtdll.dll
[2019/03/07 18:56:47 | 000,149,019 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\crtdll.dll
[2019/03/07 18:56:47 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cic.dll
[2019/03/07 18:56:47 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cscript.exe
[2019/03/07 18:56:47 | 000,124,416 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgui.dll
[2019/03/07 18:56:47 | 000,118,784 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dmdskres.dll
[2019/03/07 18:56:47 | 000,118,784 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\dmdskres.dll
[2019/03/07 18:56:47 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvvox.dll
[2019/03/07 18:56:47 | 000,111,104 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\dgnet.dll
[2019/03/07 18:56:47 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbnetlib.dll
[2019/03/07 18:56:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmstyle.dll
[2019/03/07 18:56:47 | 000,105,472 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgntfs.exe
[2019/03/07 18:56:47 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmusic.dll
[2019/03/07 18:56:47 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmsynth.dll
[2019/03/07 18:56:47 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpcdll.dll
[2019/03/07 18:56:47 | 000,096,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2019/03/07 18:56:47 | 000,096,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2019/03/07 18:56:47 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\diantz.exe
[2019/03/07 18:56:47 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2019/03/07 18:56:47 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvsetup.exe
[2019/03/07 18:56:47 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eventtriggers.exe
[2019/03/07 18:56:47 | 000,082,944 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgfat.exe
[2019/03/07 18:56:47 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmscript.dll
[2019/03/07 18:56:47 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.dll
[2019/03/07 18:56:47 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cryptdlg.dll
[2019/03/07 18:56:47 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cryptdlg.dll
[2019/03/07 18:56:47 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhcpsapi.dll
[2019/03/07 18:56:47 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpsapi.dll
[2019/03/07 18:56:47 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csseqchk.dll
[2019/03/07 18:56:47 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csseqchk.dll
[2019/03/07 18:56:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\systeminfo.exe
[2019/03/07 18:56:47 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ciodm.dll
[2019/03/07 18:56:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\openfiles.exe
[2019/03/07 18:56:47 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\console.dll
[2019/03/07 18:56:47 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\console.dll
[2019/03/07 18:56:47 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cryptnet.dll
[2019/03/07 18:56:47 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cleanmgr.exe
[2019/03/07 18:56:47 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmstp.exe
[2019/03/07 18:56:47 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\driverquery.exe
[2019/03/07 18:56:47 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnmodem.dll
[2019/03/07 18:56:47 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnmodem.dll
[2019/03/07 18:56:47 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cryptsvc.dll
[2019/03/07 18:56:47 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnwsock.dll
[2019/03/07 18:56:47 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnwsock.dll
[2019/03/07 18:56:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmcompos.dll
[2019/03/07 18:56:47 | 000,061,440 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dmview.ocx
[2019/03/07 18:56:47 | 000,061,440 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\dmview.ocx
[2019/03/07 18:56:47 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnhupnp.dll
[2019/03/07 18:56:47 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabinet.dll
[2019/03/07 18:56:47 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cabinet.dll
[2019/03/07 18:56:47 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clusapi.dll
[2019/03/07 18:56:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpwsockx.dll
[2019/03/07 18:56:47 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cipher.exe
[2019/03/07 18:56:47 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dataclen.dll
[2019/03/07 18:56:47 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cryptext.dll
[2019/03/07 18:56:47 | 000,053,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpserial.dll
[2019/03/07 18:56:47 | 000,053,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpserial.dll
[2019/03/07 18:56:47 | 000,051,200 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dllcache\dfrgres.dll
[2019/03/07 18:56:47 | 000,051,200 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgres.dll
[2019/03/07 18:56:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eventcreate.exe
[2019/03/07 18:56:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camocx.dll
[2019/03/07 18:56:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\camocx.dll
[2019/03/07 18:56:47 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dxof.dll
[2019/03/07 18:56:47 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dxof.dll
[2019/03/07 18:56:47 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\docprop.dll
[2019/03/07 18:56:47 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dimap.dll
[2019/03/07 18:56:47 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimap.dll
[2019/03/07 18:56:47 | 000,042,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpwsock.dll
[2019/03/07 18:56:47 | 000,042,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpwsock.dll
[2019/03/07 18:56:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmmon32.exe
[2019/03/07 18:56:47 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddeml.dll
[2019/03/07 18:56:47 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ddeml.dll
[2019/03/07 18:56:47 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmutil.dll
[2019/03/07 18:56:47 | 000,039,424 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgsnap.dll
[2019/03/07 18:56:47 | 000,036,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dosapp.fon
[2019/03/07 18:56:47 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmloader.dll
[2019/03/07 18:56:47 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnhpast.dll
[2019/03/07 18:56:47 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dpmesh.dll
[2019/03/07 18:56:47 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dpmesh.dll
[2019/03/07 18:56:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cryptdll.dll
[2019/03/07 18:56:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cryptdll.dll
[2019/03/07 18:56:47 | 000,033,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dplay.dll
[2019/03/07 18:56:47 | 000,033,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplay.dll
[2019/03/07 18:56:47 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\commdlg.dll
[2019/03/07 18:56:47 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\commdlg.dll
[2019/03/07 18:56:47 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dispex.dll
[2019/03/07 18:56:47 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dispex.dll
[2019/03/07 18:56:47 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnetcfg.dll
[2019/03/07 18:56:47 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cnetcfg.dll
[2019/03/07 18:56:47 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ddeshare.exe
[2019/03/07 18:56:47 | 000,030,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compobj.dll
[2019/03/07 18:56:47 | 000,030,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\compobj.dll
[2019/03/07 18:56:47 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dplaysvr.exe
[2019/03/07 18:56:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmband.dll
[2019/03/07 18:56:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbnmpntw.dll
[2019/03/07 18:56:47 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
[2019/03/07 18:56:47 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccfgnt.dll
[2019/03/07 18:56:47 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ccfgnt.dll
[2019/03/07 18:56:47 | 000,027,200 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ctl3dv2.dll
[2019/03/07 18:56:47 | 000,027,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ctl3dv2.dll
[2019/03/07 18:56:47 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ddrawex.dll
[2019/03/07 18:56:47 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnvfat.dll
[2019/03/07 18:56:47 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cnvfat.dll
[2019/03/07 18:56:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmdl32.exe
[2019/03/07 18:56:47 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\davclnt.dll
[2019/03/07 18:56:47 | 000,025,088 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\defrag.exe
[2019/03/07 18:56:47 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsrpcn.dll
[2019/03/07 18:56:47 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.rll
[2019/03/07 18:56:47 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpmodemx.dll
[2019/03/07 18:56:47 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvacm.dll
[2019/03/07 18:56:47 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.exe
[2019/03/07 18:56:47 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmocx.dll
[2019/03/07 18:56:47 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmocx.dll
[2019/03/07 18:56:47 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\deskperf.dll
[2019/03/07 18:56:47 | 000,018,432 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dmintf.dll
[2019/03/07 18:56:47 | 000,018,432 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\dmintf.dll
[2019/03/07 18:56:47 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnsvr.exe
[2019/03/07 18:56:47 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diskperf.exe
[2019/03/07 18:56:47 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\diskperf.exe
[2019/03/07 18:56:47 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2019/03/07 18:56:47 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compact.exe
[2019/03/07 18:56:47 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\compact.exe
[2019/03/07 18:56:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\deskmon.dll
[2019/03/07 18:56:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgmgr32.dll
[2019/03/07 18:56:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgmgr32.dll
[2019/03/07 18:56:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\deskadp.dll
[2019/03/07 18:56:47 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comp.exe
[2019/03/07 18:56:47 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comp.exe
[2019/03/07 18:56:47 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmcfg32.dll
[2019/03/07 18:56:47 | 000,015,872 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dmremote.exe
[2019/03/07 18:56:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmpbk32.dll
[2019/03/07 18:56:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmpbk32.dll
[2019/03/07 18:56:47 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convert.exe
[2019/03/07 18:56:47 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\convert.exe
[2019/03/07 18:56:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmsetacl.dll
[2019/03/07 18:56:47 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkdsk.exe
[2019/03/07 18:56:47 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chkdsk.exe
[2019/03/07 18:56:47 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkntfs.exe
[2019/03/07 18:56:47 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chkntfs.exe
[2019/03/07 18:56:47 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\doskey.exe
[2019/03/07 18:56:47 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\doskey.exe
[2019/03/07 18:56:47 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clb.dll
[2019/03/07 18:56:47 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clb.dll
[2019/03/07 18:56:47 | 000,010,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comm.drv
[2019/03/07 18:56:47 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\diskcomp.com
[2019/03/07 18:56:47 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dciman32.dll
[2019/03/07 18:56:47 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d8thk.dll
[2019/03/07 18:56:47 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\control.exe
[2019/03/07 18:56:47 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\control.exe
[2019/03/07 18:56:47 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cidaemon.exe
[2019/03/07 18:56:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ckcnv.exe
[2019/03/07 18:56:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ckcnv.exe
[2019/03/07 18:56:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chcp.com
[2019/03/07 18:56:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\diskcopy.com
[2019/03/07 18:56:47 | 000,005,888 | ---- | C] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\System32\dllcache\dmload.sys
[2019/03/07 18:56:47 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllhst3g.exe
[2019/03/07 18:56:47 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dllhst3g.exe
[2019/03/07 18:56:47 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comcat.dll
[2019/03/07 18:56:47 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comcat.dll
[2019/03/07 18:56:47 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnlobby.dll
[2019/03/07 18:56:47 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnaddr.dll
[2019/03/07 18:56:46 | 001,852,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acgenral.dll
[2019/03/07 18:56:46 | 001,661,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpencen.dll
[2019/03/07 18:56:46 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2019/03/07 18:56:46 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpd_ci.dll
[2019/03/07 18:56:46 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\autofmt.exe
[2019/03/07 18:56:46 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autofmt.exe
[2019/03/07 18:56:46 | 000,549,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appwiz.cpl
[2019/03/07 18:56:46 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2019/03/07 18:56:46 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmdrmdev.dll
[2019/03/07 18:56:46 | 000,361,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\blue_ss.dll
[2019/03/07 18:56:46 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdsp.dll
[2019/03/07 18:56:46 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys
[2019/03/07 18:56:46 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atmuni.sys
[2019/03/07 18:56:46 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmdrmnet.dll
[2019/03/07 18:56:46 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdmtpdr.dll
[2019/03/07 18:56:46 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appmgr.dll
[2019/03/07 18:56:46 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\appmgr.dll
[2019/03/07 18:56:46 | 000,285,696 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2019/03/07 18:56:46 | 000,285,696 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2019/03/07 18:56:46 | 000,263,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsnt.dll
[2019/03/07 18:56:46 | 000,263,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsnt.dll
[2019/03/07 18:56:46 | 000,256,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentsvr.exe
[2019/03/07 18:56:46 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acspecfc.dll
[2019/03/07 18:56:46 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codecp.acm
[2019/03/07 18:56:46 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentctl.dll
[2019/03/07 18:56:46 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpsrcwp.dll
[2019/03/07 18:56:46 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\activeds.dll
[2019/03/07 18:56:46 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\activeds.dll
[2019/03/07 18:56:46 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsldp.dll
[2019/03/07 18:56:46 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsldp.dll
[2019/03/07 18:56:46 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appmgmts.dll
[2019/03/07 18:56:46 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsnds.dll
[2019/03/07 18:56:46 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsnds.dll
[2019/03/07 18:56:46 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdmtp.dll
[2019/03/07 18:56:46 | 000,152,576 | ---- | C] (Microsoft Corporation; Microsoft Research) -- C:\WINDOWS\System32\dllcache\bnts.dll
[2019/03/07 18:56:46 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsldpc.dll
[2019/03/07 18:56:46 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsldpc.dll
[2019/03/07 18:56:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bootcfg.exe
[2019/03/07 18:56:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bootcfg.exe
[2019/03/07 18:56:46 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclua.dll
[2019/03/07 18:56:46 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acledit.dll
[2019/03/07 18:56:46 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acledit.dll
[2019/03/07 18:56:46 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apphelp.dll
[2019/03/07 18:56:46 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2019/03/07 18:56:46 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsnw.dll
[2019/03/07 18:56:46 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsnw.dll
[2019/03/07 18:56:46 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acxtrnal.dll
[2019/03/07 18:56:46 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclui.dll
[2019/03/07 18:56:46 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aclui.dll
[2019/03/07 18:56:46 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asctrls.ocx
[2019/03/07 18:56:46 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\asctrls.ocx
[2019/03/07 18:56:46 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\activeds.tlb
[2019/03/07 18:56:46 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\activeds.tlb
[2019/03/07 18:56:46 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifile.dll
[2019/03/07 18:56:46 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avifile.dll
[2019/03/07 18:56:46 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apcups.dll
[2019/03/07 18:56:46 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\apcups.dll
[2019/03/07 18:56:46 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2019/03/07 18:56:46 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack(2).dll
[2019/03/07 18:56:46 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ahui.exe
[2019/03/07 18:56:46 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ahui.exe
[2019/03/07 18:56:46 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\actxprxy.dll
[2019/03/07 18:56:46 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\actxprxy.dll
[2019/03/07 18:56:46 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2019/03/07 18:56:46 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avifil32.dll
[2019/03/07 18:56:46 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\autodisc.dll
[2019/03/07 18:56:46 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autodisc.dll
[2019/03/07 18:56:46 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browsewm.dll
[2019/03/07 18:56:46 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browsewm.dll
[2019/03/07 18:56:46 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browser.dll
[2019/03/07 18:56:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admparse.dll
[2019/03/07 18:56:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admparse.dll
[2019/03/07 18:56:46 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avicap.dll
[2019/03/07 18:56:46 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avicap.dll
[2019/03/07 18:56:46 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsmsext.dll
[2019/03/07 18:56:46 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsmsext.dll
[2019/03/07 18:56:46 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll
[2019/03/07 18:56:46 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\asycfilt.dll
[2019/03/07 18:56:46 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avicap32.dll
[2019/03/07 18:56:46 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avicap32.dll
[2019/03/07 18:56:46 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdmtpus.dll
[2019/03/07 18:56:46 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browselc.dll
[2019/03/07 18:56:46 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browselc.dll
[2019/03/07 18:56:46 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authz.dll
[2019/03/07 18:56:46 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
[2019/03/07 18:56:46 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdpv.dll
[2019/03/07 18:56:46 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\basesrv.dll
[2019/03/07 18:56:46 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\basesrv.dll
[2019/03/07 18:56:46 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\btpanui.dll
[2019/03/07 18:56:46 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\btpanui.dll
[2019/03/07 18:56:46 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentmpx.dll
[2019/03/07 18:56:46 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alg.exe
[2019/03/07 18:56:46 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentsr.dll
[2019/03/07 18:56:46 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\audiosrv.dll
[2019/03/07 18:56:46 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdp2.dll
[2019/03/07 18:56:46 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdconns.dll
[2019/03/07 18:56:46 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atmpvcno.dll
[2019/03/07 18:56:46 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atmpvcno.dll
[2019/03/07 18:56:46 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asr_pfu.exe
[2019/03/07 18:56:46 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\asr_pfu.exe
[2019/03/07 18:56:46 | 000,032,256 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\asr_ldm.exe
[2019/03/07 18:56:46 | 000,032,256 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\asr_ldm.exe
[2019/03/07 18:56:46 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys
[2019/03/07 18:56:46 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atmepvc.sys
[2019/03/07 18:56:46 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asr_fmt.exe
[2019/03/07 18:56:46 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\asr_fmt.exe
[2019/03/07 18:56:46 | 000,030,208 | ---- | C] (Adobe Systems) -- C:\WINDOWS\System32\dllcache\atmlib.dll
[2019/03/07 18:56:46 | 000,030,208 | ---- | C] (Adobe Systems) -- C:\WINDOWS\System32\atmlib.dll
[2019/03/07 18:56:46 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\batmeter.dll
[2019/03/07 18:56:46 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batmeter.dll
[2019/03/07 18:56:46 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adptif.dll
[2019/03/07 18:56:46 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adptif.dll
[2019/03/07 18:56:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aaaamon.dll
[2019/03/07 18:56:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaaamon.dll
[2019/03/07 18:56:46 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\at.exe
[2019/03/07 18:56:46 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\at.exe
[2019/03/07 18:56:46 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agtintl.dll
[2019/03/07 18:56:46 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentpsh.dll
[2019/03/07 18:56:46 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentanm.dll
[2019/03/07 18:56:46 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040c.dll
[2019/03/07 18:56:46 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0407.dll
[2019/03/07 18:56:46 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0816.dll
[2019/03/07 18:56:46 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0413.dll
[2019/03/07 18:56:46 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0410.dll
[2019/03/07 18:56:46 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0c0a.dll
[2019/03/07 18:56:46 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0416.dll
[2019/03/07 18:56:46 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0409.dll
[2019/03/07 18:56:46 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\arp.exe
[2019/03/07 18:56:46 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\arp.exe
[2019/03/07 18:56:46 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041d.dll
[2019/03/07 18:56:46 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0414.dll
[2019/03/07 18:56:46 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040b.dll
[2019/03/07 18:56:46 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0406.dll
[2019/03/07 18:56:46 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agtctl15.tlb
[2019/03/07 18:56:46 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bidispl.dll
[2019/03/07 18:56:46 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bidispl.dll
[2019/03/07 18:56:46 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alrsvc.dll
[2019/03/07 18:56:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\auditusr.exe
[2019/03/07 18:56:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\auditusr.exe
[2019/03/07 18:56:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atkctrs.dll
[2019/03/07 18:56:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atkctrs.dll
[2019/03/07 18:56:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bootvid.dll
[2019/03/07 18:56:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bootvid.dll
[2019/03/07 18:56:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\attrib.exe
[2019/03/07 18:56:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\attrib.exe
[2019/03/07 18:56:46 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\autolfn.exe
[2019/03/07 18:56:46 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autolfn.exe
[2019/03/07 18:56:46 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atmadm.exe
[2019/03/07 18:56:46 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atmadm.exe
[2019/03/07 18:56:46 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdtrace.dll
[2019/03/07 18:56:46 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uwdf.exe
[2019/03/07 18:56:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bootvrfy.exe
[2019/03/07 18:56:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bootvrfy.exe
[2019/03/07 18:56:46 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bootok.exe
[2019/03/07 18:56:46 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bootok.exe
[2019/03/07 18:56:46 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\beep.sys
[2019/03/07 18:56:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMVADVE.DLL
[2019/03/07 18:56:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMVADVD.dll
[2019/03/07 18:56:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfapi.dll
[2019/03/07 18:56:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\actmovie.exe
[2019/03/07 18:56:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\actmovie.exe
[2019/03/07 18:54:21 | 000,000,000 | ---D | C] -- C:\i386
[2019/03/07 18:53:51 | 000,000,000 | ---D | C] -- C:\cmpnents
[2019/03/07 18:53:28 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/07/26 19:30:16 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Oli\Desktop\OTL.exe
[2010/07/26 19:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oli\Desktop\Defrogger
[2010/07/26 19:19:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oli\Desktop\MBRCheck
[2010/07/26 19:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oli\Desktop\Remover
[2010/07/26 15:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oli\My Documents\Native Instruments
[2010/07/26 15:15:56 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Oli\Desktop\MGADiag.exe
[2010/07/21 20:17:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Oli\Recent
[2010/07/21 20:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oli\My Documents\JumiController
[2010/07/21 19:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Jumi
[2010/07/20 21:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
[2010/07/20 21:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\TightVNC
[2010/07/16 22:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/16 22:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/16 22:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/16 22:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/07/16 22:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/16 11:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/16 11:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/13 19:57:16 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/12 23:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oli\My Documents\Alcohol 52%
[2010/07/12 16:43:17 | 001,742,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mypixdx.scr
[2010/07/12 16:43:10 | 003,343,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nature.scr
[2010/07/12 16:43:04 | 005,068,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\davinci.scr
[2010/07/12 16:42:56 | 007,093,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\space.scr
[2010/07/12 16:42:49 | 004,396,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpgldfsh.scr
[2010/07/12 16:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/07/12 16:41:46 | 010,488,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehres.dll
[2010/07/12 15:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Projects
[2010/07/11 14:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\File sharing
[2010/07/10 23:57:53 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/07/10 23:57:51 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010/07/10 23:57:51 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010/07/10 23:57:50 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010/07/10 23:57:49 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010/07/10 23:57:49 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010/07/10 23:57:47 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010/07/10 23:57:46 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010/07/10 23:57:46 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010/07/10 23:57:45 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010/07/10 23:57:44 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010/07/10 23:57:43 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010/07/10 23:57:42 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2010/07/10 23:57:41 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2010/07/10 23:57:41 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2010/07/10 23:57:40 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2010/07/10 23:57:40 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2010/07/10 23:57:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2010/07/10 23:57:38 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys

Re: corrupt system restore + virus scanner not detecting

by quazzer » July 26th, 2010, 4:57 pm

[2010/07/10 23:57:38 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2010/07/10 23:57:37 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2010/07/10 23:57:10 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2010/07/10 23:57:09 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010/07/10 23:57:08 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010/07/10 23:57:07 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010/07/10 23:57:07 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010/07/10 23:57:06 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010/07/10 23:57:06 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010/07/10 23:57:05 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010/07/10 23:57:04 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010/07/10 23:57:03 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010/07/10 23:57:03 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010/07/10 23:57:02 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010/07/10 23:57:01 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2010/07/10 23:57:01 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010/07/10 23:57:00 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010/07/10 23:57:00 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010/07/10 23:56:59 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010/07/10 23:56:59 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010/07/10 23:56:58 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010/07/10 23:56:58 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010/07/10 23:56:56 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2010/07/10 23:56:55 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/07/10 23:56:55 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010/07/10 23:56:54 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010/07/10 23:56:54 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2010/07/10 23:56:53 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2010/07/10 23:56:53 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2010/07/10 23:56:52 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010/07/10 23:56:52 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2010/07/10 23:56:51 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010/07/10 23:56:51 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2010/07/10 23:56:50 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/07/10 23:56:50 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/07/10 23:56:49 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010/07/10 23:56:49 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010/07/10 23:56:48 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/07/10 23:56:47 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2010/07/10 23:56:47 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2010/07/10 23:56:47 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2010/07/10 23:56:40 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2010/07/10 23:56:39 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2010/07/10 23:56:38 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2010/07/10 23:56:38 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2010/07/10 23:56:37 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2010/07/10 23:56:37 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2010/07/10 23:56:36 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2010/07/10 23:56:36 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2010/07/10 23:56:35 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2010/07/10 23:56:33 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2010/07/10 23:56:33 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010/07/10 23:56:31 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/07/10 23:56:29 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2010/07/10 23:56:29 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2010/07/10 23:56:28 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/07/10 23:56:27 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2010/07/10 23:56:27 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2010/07/10 23:56:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2010/07/10 23:56:20 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/07/10 23:56:19 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/07/10 23:56:18 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/07/10 23:56:18 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/07/10 23:56:18 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/07/10 23:56:17 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/07/10 23:56:17 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2010/07/10 23:56:16 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/07/10 23:56:15 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010/07/10 23:56:15 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2010/07/10 23:56:15 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2010/07/10 23:56:14 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/07/10 23:56:14 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2010/07/10 23:56:13 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2010/07/10 23:56:12 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/07/10 23:56:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2010/07/10 23:56:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2010/07/10 23:56:11 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/07/10 23:56:11 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/07/10 23:56:11 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2010/07/10 23:55:47 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2010/07/10 19:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oli\My Documents\ImTOO Software Studio
[2010/07/10 19:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\ImTOO
[2010/07/09 11:48:03 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2010/07/09 11:48:03 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2010/07/09 11:48:03 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/07/09 11:48:03 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2010/07/09 11:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/07/09 00:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oli\Application Data\Yamb
[2010/07/01 19:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oli\Application Data\vlc
[2010/06/30 22:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/06/29 20:48:35 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll
[2010/06/29 20:07:26 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/06/29 18:41:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/06/29 18:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oli\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/29 13:40:25 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll.uxp
[2010/06/29 11:41:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/06/29 01:45:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/29 00:52:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/06/29 00:45:46 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/06/29 00:45:46 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/06/29 00:45:46 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/06/29 00:45:46 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/06/29 00:45:46 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/06/29 00:45:46 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/06/29 00:45:46 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/06/29 00:45:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/06/29 00:45:45 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010/06/29 00:45:42 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2010/06/29 00:45:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2010/06/29 00:45:41 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2010/06/29 00:45:40 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/06/29 00:45:40 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010/06/29 00:45:40 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010/06/29 00:45:40 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/06/29 00:45:40 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/06/29 00:45:40 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010/06/29 00:45:40 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010/06/29 00:45:40 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010/06/29 00:45:40 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2010/06/29 00:45:40 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/06/29 00:45:40 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2010/06/29 00:45:40 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/06/29 00:45:40 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010/06/29 00:45:40 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010/06/29 00:45:39 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010/06/29 00:45:39 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/06/29 00:45:39 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/06/29 00:45:39 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/06/29 00:45:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/06/29 00:45:39 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/06/29 00:45:39 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/06/29 00:45:38 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/06/29 00:45:38 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/06/29 00:45:37 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/06/29 00:45:37 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/06/29 00:45:35 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010/06/29 00:45:35 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/06/29 00:45:35 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/06/29 00:45:35 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/06/29 00:45:35 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/06/29 00:45:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/06/29 00:45:35 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/06/29 00:45:35 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/06/29 00:45:35 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2010/06/29 00:45:35 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/06/29 00:45:35 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/06/29 00:45:35 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/06/29 00:45:35 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010/06/29 00:45:34 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/06/29 00:45:34 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/06/29 00:45:34 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/06/29 00:45:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/06/29 00:45:33 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2010/06/29 00:45:26 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/06/29 00:45:26 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/06/29 00:45:26 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/06/29 00:45:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/06/29 00:45:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpash.dll
[2010/06/29 00:45:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/06/29 00:45:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnepr.dll
[2010/06/29 00:45:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/06/29 00:45:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdiultn.dll
[2010/06/29 00:45:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/06/29 00:45:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbhc.dll
[2010/06/29 00:45:22 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2010/06/29 00:45:21 | 000,144,384 | ---- | C] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010/06/29 00:45:21 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010/06/29 00:45:20 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2010/06/29 00:45:20 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/06/29 00:45:20 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/06/29 00:45:20 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/06/29 00:45:20 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2010/06/29 00:45:20 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2010/06/29 00:45:20 | 000,109,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2010/06/29 00:45:20 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2010/06/29 00:45:20 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2010/06/29 00:45:20 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2010/06/29 00:45:20 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2010/06/29 00:45:20 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2010/06/29 00:45:20 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2010/06/29 00:45:20 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2010/06/29 00:45:20 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/06/29 00:45:20 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2010/06/29 00:45:20 | 000,015,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010/06/29 00:45:19 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/06/29 00:45:19 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/06/29 00:45:19 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/06/29 00:45:19 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/06/29 00:45:19 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/06/29 00:45:19 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/06/29 00:45:19 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/06/29 00:45:19 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/06/29 00:45:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/06/29 00:45:19 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/06/29 00:45:19 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/06/29 00:45:19 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dimsroam.dll
[2010/06/29 00:45:19 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/06/29 00:45:19 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/06/29 00:45:19 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/06/29 00:45:19 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dimsntfy.dll
[2010/06/29 00:45:19 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/06/29 00:45:18 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\azroles.dll
[2010/06/29 00:45:18 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/06/29 00:45:18 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2010/06/29 00:45:18 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/06/29 00:45:18 | 000,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2010/06/29 00:45:18 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2010/06/29 00:45:18 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010/06/29 00:45:18 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthprint.sys
[2010/06/29 00:45:18 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010/06/29 00:45:18 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv04nt5.dll
[2010/06/29 00:45:18 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/06/29 00:45:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2010/06/29 00:45:18 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010/06/29 00:45:18 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv10nt5.dll
[2010/06/29 00:45:18 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2010/06/29 00:45:18 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010/06/29 00:45:18 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010/06/29 00:45:18 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\ch7xxnt5.dll
[2010/06/29 00:45:18 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010/06/29 00:45:18 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv06nt5.dll
[2010/06/29 00:45:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx4.dll
[2010/06/29 00:45:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/06/29 00:45:17 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2010/06/29 00:45:17 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010/06/29 00:45:17 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3d1ag.dll
[2010/06/29 00:45:17 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010/06/29 00:45:17 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010/06/29 00:45:17 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2010/06/29 00:45:17 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2010/06/29 00:45:17 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010/06/29 00:45:17 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvaa.dll
[2010/06/29 00:45:17 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010/06/29 00:45:17 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/06/29 00:45:17 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtaa.sys
[2010/06/29 00:45:17 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2010/06/29 00:45:17 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010/06/29 00:45:17 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2010/06/29 00:45:17 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010/06/29 00:45:17 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/06/29 00:45:17 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinrvxx.sys
[2010/06/29 00:45:17 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/06/29 00:45:17 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atintuxx.sys
[2010/06/29 00:45:17 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/06/29 00:45:17 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1rvxx.sys
[2010/06/29 00:45:17 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/06/29 00:45:17 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxsxx.sys
[2010/06/29 00:45:17 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/06/29 00:45:17 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinbtxx.sys
[2010/06/29 00:45:17 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/06/29 00:45:17 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1btxx.sys
[2010/06/29 00:45:17 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/06/29 00:45:17 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinraxx.sys
[2010/06/29 00:45:17 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/06/29 00:45:17 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1tuxx.sys
[2010/06/29 00:45:17 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/06/29 00:45:17 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xsxx.sys
[2010/06/29 00:45:17 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativtmxx.dll
[2010/06/29 00:45:17 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010/06/29 00:45:17 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/06/29 00:45:17 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxbxx.sys
[2010/06/29 00:45:17 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/06/29 00:45:17 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1raxx.sys
[2010/06/29 00:45:17 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/06/29 00:45:17 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xbxx.sys
[2010/06/29 00:45:17 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/06/29 00:45:17 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinsnxx.sys
[2010/06/29 00:45:17 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/06/29 00:45:17 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1snxx.sys
[2010/06/29 00:45:17 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativmvxx.ax
[2010/06/29 00:45:17 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010/06/29 00:45:17 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/06/29 00:45:17 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1ttxx.sys
[2010/06/29 00:45:17 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010/06/29 00:45:17 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv01nt5.dll
[2010/06/29 00:45:17 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010/06/29 00:45:17 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010/06/29 00:45:17 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010/06/29 00:45:17 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010/06/29 00:45:17 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010/06/29 00:45:17 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010/06/29 00:45:17 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/06/29 00:45:17 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinpdxx.sys
[2010/06/29 00:45:17 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/06/29 00:45:17 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinttxx.sys
[2010/06/29 00:45:17 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/06/29 00:45:17 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinmdxx.sys
[2010/06/29 00:45:17 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/06/29 00:45:17 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1pdxx.sys
[2010/06/29 00:45:17 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/06/29 00:45:17 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1mdxx.sys
[2010/06/29 00:45:17 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010/06/29 00:45:17 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv02nt5.dll
[2010/06/29 00:45:17 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativdaxx.ax
[2010/06/29 00:45:17 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010/06/29 00:45:17 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010/06/29 00:45:17 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv01nt5.dll
[2010/06/29 00:45:17 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010/06/29 00:45:17 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv02nt5.dll
[2010/06/29 00:45:17 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010/06/29 00:45:17 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv11nt5.dll
[2010/06/29 00:45:17 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010/06/29 00:45:17 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv09nt5.dll
[2010/06/29 00:45:17 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010/06/29 00:45:17 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv07nt5.dll
[2010/06/29 00:45:17 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010/06/29 00:45:17 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv05nt5.dll
[2010/06/29 00:45:17 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010/06/29 00:45:17 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv08nt5.dll
[2010/06/29 00:45:16 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/06/29 00:45:16 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010/06/28 17:38:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/06/28 16:56:57 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/06/28 16:56:51 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/06/28 16:56:19 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/06/28 16:56:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/06/28 16:56:04 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/06/28 16:56:00 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/06/28 15:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oli\Application Data\PriceGong
[2010/06/28 14:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oli\Application Data\Adobe Mini Bridge CS5
[2010/06/28 13:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oli\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/11/23 21:01:07 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeserv.dll
[2009/11/23 21:01:07 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeusb1.dll
[2009/11/23 21:01:07 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdehbn3.dll
[2009/11/23 21:01:07 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdepmui.dll
[2009/11/23 21:01:07 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdelmpm.dll
[2009/11/23 21:01:07 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdehcp.dll
[2009/11/23 21:01:07 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeinpa.dll
[2009/11/23 21:01:07 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeiesc.dll
[2009/11/23 21:01:07 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeprox.dll
[2009/11/23 21:01:06 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdecomc.dll
[2009/11/23 21:01:06 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdecomm.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/26 19:33:57 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/07/26 19:30:26 | 020,447,232 | ---- | M] () -- C:\Documents and Settings\Oli\ntuser.dat
[2010/07/26 19:30:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Oli\Desktop\OTL.exe
[2010/07/26 19:27:32 | 000,012,706 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/26 19:24:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/26 19:24:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/26 19:22:25 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Oli\ntuser.ini
[2010/07/26 19:21:49 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Oli\defogger_reenable
[2010/07/26 17:37:42 | 000,096,344 | ---- | M] () -- C:\Documents and Settings\Oli\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/26 16:05:11 | 003,813,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/26 15:48:16 | 000,000,419 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/26 15:19:06 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\Oli\Desktop\CKScanner.exe
[2010/07/26 15:15:57 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Oli\Desktop\MGADiag.exe
[2010/07/25 19:08:15 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/25 15:36:48 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Oli\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/24 23:25:01 | 000,011,219 | ---- | M] () -- C:\test.ogg
[2010/07/21 21:44:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/21 17:45:27 | 000,152,576 | ---- | M] () -- C:\Documents and Settings\Oli\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/20 21:52:06 | 000,413,156 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/16 22:50:13 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\Oli\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/14 13:08:33 | 000,071,224 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/12 15:54:30 | 000,537,428 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/12 15:54:30 | 000,453,620 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/12 15:54:30 | 000,077,622 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/11 23:04:02 | 000,000,418 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/07/11 22:35:40 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\Oli\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2010/07/11 20:12:22 | 000,412,954 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100720-215206.backup
[2010/07/09 11:18:22 | 000,217,180 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/09 11:18:22 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/03 18:04:36 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Oli\Application Data\inst.exe
[2010/07/03 18:04:36 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Oli\Application Data\pcouffin.sys
[2010/07/03 18:04:36 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Oli\Application Data\pcouffin.cat
[2010/07/03 18:04:36 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Oli\Application Data\pcouffin.inf
[2010/07/01 11:43:22 | 000,412,460 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100711-201222.backup
[2010/06/29 20:39:51 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/29 20:39:51 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/29 19:33:39 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/29 14:17:14 | 001,578,798 | -H-- | M] () -- C:\Documents and Settings\Oli\Local Settings\Application Data\IconCache.db
[2010/06/29 01:00:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2019/03/07 18:57:37 | 000,000,209 | -HS- | C] () -- C:\boot.ini
[2019/03/07 18:57:20 | 000,035,694 | ---- | C] () -- C:\WINDOWS\System32\OEMLOGO.BMP
[2019/03/07 18:57:20 | 000,002,679 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2019/03/07 18:57:20 | 000,000,834 | ---- | C] () -- C:\WINDOWS\System32\OemLink.htm
[2019/03/07 18:57:19 | 000,787,510 | ---- | C] () -- C:\WINDOWS\MESH_SKY.BMP
[2019/03/07 18:57:16 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
[2019/03/07 18:57:16 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2019/03/07 18:57:16 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2019/03/07 18:57:16 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2019/03/07 18:57:13 | 000,250,048 | RHS- | C] () -- C:\ntldr
[2019/03/07 18:57:13 | 000,047,564 | RHS- | C] () -- C:\NTDETECT.COM
[2019/03/07 18:57:12 | 000,127,213 | ---- | C] () -- C:\WINDOWS\System32\ega.cpi
[2019/03/07 18:57:12 | 000,082,944 | ---- | C] () -- C:\WINDOWS\clock.avi
[2019/03/07 18:57:11 | 000,069,886 | ---- | C] () -- C:\WINDOWS\System32\edit.com
[2019/03/07 18:57:11 | 000,010,790 | ---- | C] () -- C:\WINDOWS\System32\edit.hlp
[2019/03/07 18:57:11 | 000,001,696 | ---- | C] () -- C:\WINDOWS\System32\noise.cht
[2019/03/07 18:57:11 | 000,001,696 | ---- | C] () -- C:\WINDOWS\System32\noise.chs
[2019/03/07 18:57:00 | 000,012,706 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2019/03/07 18:57:00 | 000,000,697 | ---- | C] () -- C:\WINDOWS\System32\noise.tha
[2019/03/07 18:56:59 | 001,326,080 | ---- | C] () -- C:\WINDOWS\System32\webfldrs.msi
[2019/03/07 18:56:59 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\wiasf.ax
[2019/03/07 18:56:59 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wiasf.ax
[2019/03/07 18:56:59 | 000,032,674 | ---- | C] () -- C:\WINDOWS\System32\winhelp.hlp
[2019/03/07 18:56:59 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\win87em.dll
[2019/03/07 18:56:58 | 001,309,184 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.deu
[2019/03/07 18:56:58 | 001,095,680 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.nld
[2019/03/07 18:56:58 | 000,957,440 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.enu
[2019/03/07 18:56:58 | 000,937,984 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.sve
[2019/03/07 18:56:58 | 000,867,840 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.ita
[2019/03/07 18:56:58 | 000,786,944 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.fra
[2019/03/07 18:56:58 | 000,750,080 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.esn
[2019/03/07 18:56:58 | 000,383,804 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tahoma.ttf
[2019/03/07 18:56:58 | 000,355,680 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tahomabd.ttf
[2019/03/07 18:56:58 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vbicodec.ax
[2019/03/07 18:56:58 | 000,089,588 | ---- | C] () -- C:\WINDOWS\System32\unicode.nls
[2019/03/07 18:56:58 | 000,089,588 | ---- | C] () -- C:\WINDOWS\System32\dllcache\unicode.nls
[2019/03/07 18:56:58 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.sve
[2019/03/07 18:56:58 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.nld
[2019/03/07 18:56:58 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.ita
[2019/03/07 18:56:58 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.fra
[2019/03/07 18:56:58 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.esn
[2019/03/07 18:56:58 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.enu
[2019/03/07 18:56:58 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.deu
[2019/03/07 18:56:58 | 000,018,832 | ---- | C] () -- C:\WINDOWS\System32\v7vga.rom
[2019/03/07 18:56:58 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tsd32.dll
[2019/03/07 18:56:58 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\wdl.trm
[2019/03/07 18:56:58 | 000,003,577 | ---- | C] () -- C:\WINDOWS\System32\sysprtj.sep
[2019/03/07 18:56:58 | 000,003,214 | ---- | C] () -- C:\WINDOWS\System32\sysprint.sep
[2019/03/07 18:56:58 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\vwipxspx.exe
[2019/03/07 18:56:58 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vwipxspx.exe
[2019/03/07 18:56:58 | 000,000,862 | ---- | C] () -- C:\WINDOWS\System32\termcap
[2019/03/07 18:56:57 | 000,262,148 | ---- | C] () -- C:\WINDOWS\System32\sortkey.nls
[2019/03/07 18:56:57 | 000,262,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sortkey.nls
[2019/03/07 18:56:57 | 000,106,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2019/03/07 18:56:57 | 000,046,133 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm
[2019/03/07 18:56:57 | 000,023,044 | ---- | C] () -- C:\WINDOWS\System32\sorttbls.nls
[2019/03/07 18:56:56 | 000,240,120 | ---- | C] () -- C:\WINDOWS\System32\setup.bmp
[2019/03/07 18:56:56 | 000,059,167 | ---- | C] () -- C:\WINDOWS\System\setup.inf
[2019/03/07 18:56:56 | 000,044,451 | R--- | C] () -- C:\WINDOWS\System32\rsop.msc
[2019/03/07 18:56:56 | 000,036,364 | ---- | C] () -- C:\WINDOWS\System32\secpol.msc
[2019/03/07 18:56:56 | 000,035,755 | ---- | C] () -- C:\WINDOWS\System32\prncnfg.vbs
[2019/03/07 18:56:56 | 000,035,755 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prncnfg.vbs
[2019/03/07 18:56:56 | 000,033,464 | ---- | C] () -- C:\WINDOWS\System32\services.msc
[2019/03/07 18:56:56 | 000,032,546 | ---- | C] () -- C:\WINDOWS\System32\prnmngr.vbs
[2019/03/07 18:56:56 | 000,032,546 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prnmngr.vbs
[2019/03/07 18:56:56 | 000,029,454 | ---- | C] () -- C:\WINDOWS\System32\prnport.vbs
[2019/03/07 18:56:56 | 000,029,454 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prnport.vbs
[2019/03/07 18:56:56 | 000,025,415 | ---- | C] () -- C:\WINDOWS\System32\prndrvr.vbs
[2019/03/07 18:56:56 | 000,025,415 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prndrvr.vbs
[2019/03/07 18:56:56 | 000,021,527 | ---- | C] () -- C:\WINDOWS\System32\prnjobs.vbs
[2019/03/07 18:56:56 | 000,021,527 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prnjobs.vbs
[2019/03/07 18:56:56 | 000,015,860 | ---- | C] () -- C:\WINDOWS\System32\prnqctl.vbs
[2019/03/07 18:56:56 | 000,015,860 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prnqctl.vbs
[2019/03/07 18:56:56 | 000,011,753 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
[2019/03/07 18:56:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\scriptpw.dll
[2019/03/07 18:56:56 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2019/03/07 18:56:56 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\secupd.sig
[2019/03/07 18:56:56 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2019/03/07 18:56:56 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\dllcache\secupd.dat
[2019/03/07 18:56:56 | 000,003,708 | ---- | C] () -- C:\WINDOWS\System32\pubprn.vbs
[2019/03/07 18:56:56 | 000,003,708 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pubprn.vbs
[2019/03/07 18:56:56 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2019/03/07 18:56:56 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\dllcache\redir.exe
[2019/03/07 18:56:56 | 000,003,178 | ---- | C] () -- C:\WINDOWS\System32\rsvpcnts.h
[2019/03/07 18:56:56 | 000,003,167 | ---- | C] () -- C:\WINDOWS\System32\rsaci.rat
[2019/03/07 18:56:56 | 000,003,010 | ---- | C] () -- C:\WINDOWS\System32\pschdcnt.h
[2019/03/07 18:56:56 | 000,001,818 | ---- | C] () -- C:\WINDOWS\System32\rasctrnm.h
[2019/03/07 18:56:56 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
[2019/03/07 18:56:56 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\dllcache\share.exe
[2019/03/07 18:56:56 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\pscript.sep
[2019/03/07 18:56:55 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2019/03/07 18:56:55 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.bin
[2019/03/07 18:56:55 | 000,453,620 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2019/03/07 18:56:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2019/03/07 18:56:55 | 000,149,848 | ---- | C] () -- C:\WINDOWS\System32\noise.deu
[2019/03/07 18:56:55 | 000,077,622 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2019/03/07 18:56:55 | 000,058,273 | R--- | C] () -- C:\WINDOWS\System32\perfmon.msc
[2019/03/07 18:56:55 | 000,049,196 | ---- | C] () -- C:\WINDOWS\System32\noise.fra
[2019/03/07 18:56:55 | 000,048,794 | ---- | C] () -- C:\WINDOWS\System32\ntimage.gif
[2019/03/07 18:56:55 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio411.sys
[2019/03/07 18:56:55 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio412.sys
[2019/03/07 18:56:55 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio804.sys
[2019/03/07 18:56:55 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio404.sys
[2019/03/07 18:56:55 | 000,033,840 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio.sys
[2019/03/07 18:56:55 | 000,032,968 | ---- | C] () -- C:\WINDOWS\System32\ntmsoprq.msc
[2019/03/07 18:56:55 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos411.sys
[2019/03/07 18:56:55 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos412.sys
[2019/03/07 18:56:55 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos804.sys
[2019/03/07 18:56:55 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos404.sys
[2019/03/07 18:56:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2019/03/07 18:56:55 | 000,027,866 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos.sys
[2019/03/07 18:56:55 | 000,026,209 | ---- | C] () -- C:\WINDOWS\System32\ntmsmgr.msc
[2019/03/07 18:56:55 | 000,019,684 | ---- | C] () -- C:\WINDOWS\System32\noise.esn
[2019/03/07 18:56:55 | 000,019,618 | ---- | C] () -- C:\WINDOWS\System32\noise.ita
[2019/03/07 18:56:55 | 000,013,730 | ---- | C] () -- C:\WINDOWS\System32\noise.sve
[2019/03/07 18:56:55 | 000,013,256 | ---- | C] () -- C:\WINDOWS\System32\noise.nld
[2019/03/07 18:56:55 | 000,006,761 | ---- | C] () -- C:\WINDOWS\System32\oembios.sig
[2019/03/07 18:56:55 | 000,006,761 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.sig
[2019/03/07 18:56:55 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2019/03/07 18:56:55 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.dat
[2019/03/07 18:56:55 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
[2019/03/07 18:56:55 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\dllcache\odbcconf.rsp
[2019/03/07 18:56:55 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\nw16.exe
[2019/03/07 18:56:55 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nw16.exe
[2019/03/07 18:56:55 | 000,000,751 | ---- | C] () -- C:\WINDOWS\System32\noise.enu
[2019/03/07 18:56:55 | 000,000,751 | ---- | C] () -- C:\WINDOWS\System32\noise.eng
[2019/03/07 18:56:55 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2019/03/07 18:56:55 | 000,000,435 | ---- | C] () -- C:\WINDOWS\System32\perfwci.h
[2019/03/07 18:56:55 | 000,000,427 | ---- | C] () -- C:\WINDOWS\System32\perfci.h
[2019/03/07 18:56:55 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\perffilt.h
[2019/03/07 18:56:55 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\pcl.sep
[2019/03/07 18:56:54 | 000,102,446 | ---- | C] () -- C:\WINDOWS\System32\net.hlp
[2019/03/07 18:56:54 | 000,007,052 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe
[2019/03/07 18:56:54 | 000,007,052 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nlsfunc.exe
[2019/03/07 18:56:53 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2019/03/07 18:56:53 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mlang.dat
[2019/03/07 18:56:53 | 000,461,672 | ---- | C] () -- C:\WINDOWS\System32\dllcache\micross.ttf
[2019/03/07 18:56:53 | 000,204,396 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2019/03/07 18:56:53 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2019/03/07 18:56:53 | 000,002,755 | ---- | C] () -- C:\WINDOWS\System32\mqprfsym.h
[2019/03/07 18:56:53 | 000,001,492 | ---- | C] () -- C:\WINDOWS\System32\mmdriver.inf
[2019/03/07 18:56:53 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe
[2019/03/07 18:56:53 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mscdexnt.exe
[2019/03/07 18:56:52 | 000,265,948 | ---- | C] () -- C:\WINDOWS\System32\locale.nls
[2019/03/07 18:56:52 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\dllcache\key01.sys
[2019/03/07 18:56:52 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\dllcache\keyboard.sys
[2019/03/07 18:56:52 | 000,042,166 | ---- | C] () -- C:\WINDOWS\System32\lusrmgr.msc
[2019/03/07 18:56:52 | 000,039,274 | ---- | C] () -- C:\WINDOWS\System32\mem.exe
[2019/03/07 18:56:52 | 000,039,274 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mem.exe
[2019/03/07 18:56:52 | 000,024,124 | ---- | C] () -- C:\WINDOWS\System32\dllcache\marlett.ttf
[2019/03/07 18:56:52 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\l_intl.nls
[2019/03/07 18:56:52 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\l_intl.nls
[2019/03/07 18:56:52 | 000,001,131 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com
[2019/03/07 18:56:52 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\login.cmd
[2019/03/07 18:56:52 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\l_except.nls
[2019/03/07 18:56:52 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\l_except.nls
[2019/03/07 18:56:51 | 000,956,990 | ---- | C] () -- C:\WINDOWS\System32\instcat.sql
[2019/03/07 18:56:51 | 000,056,700 | ---- | C] () -- C:\WINDOWS\System32\ieuinit.inf
[2019/03/07 18:56:51 | 000,014,710 | ---- | C] () -- C:\WINDOWS\System32\kb16.com
[2019/03/07 18:56:51 | 000,004,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\himem.sys
[2019/03/07 18:56:51 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\homepage.inf
[2019/03/07 18:56:50 | 003,440,660 | ---- | C] () -- C:\WINDOWS\System32\drivers\gm.dls
[2019/03/07 18:56:50 | 003,440,660 | ---- | C] () -- C:\WINDOWS\System32\dllcache\gm.dls
[2019/03/07 18:56:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2019/03/07 18:56:50 | 000,152,844 | ---- | C] () -- C:\WINDOWS\System32\dllcache\framdit.ttf
[2019/03/07 18:56:50 | 000,135,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\framd.ttf
[2019/03/07 18:56:50 | 000,056,678 | ---- | C] () -- C:\WINDOWS\System32\eventvwr.msc
[2019/03/07 18:56:50 | 000,034,871 | ---- | C] () -- C:\WINDOWS\System32\gpedit.msc
[2019/03/07 18:56:50 | 000,032,760 | ---- | C] () -- C:\WINDOWS\System32\fsmgmt.msc
[2019/03/07 18:56:50 | 000,024,772 | ---- | C] () -- C:\WINDOWS\System32\geo.nls
[2019/03/07 18:56:50 | 000,024,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\geo.nls
[2019/03/07 18:56:50 | 000,021,232 | ---- | C] () -- C:\WINDOWS\System32\graphics.pro
[2019/03/07 18:56:50 | 000,019,694 | ---- | C] () -- C:\WINDOWS\System32\graphics.com
[2019/03/07 18:56:50 | 000,012,642 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe
[2019/03/07 18:56:50 | 000,012,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\edlin.exe
[2019/03/07 18:56:50 | 000,008,424 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe
[2019/03/07 18:56:50 | 000,008,424 | ---- | C] () -- C:\WINDOWS\System32\dllcache\exe2bin.exe
[2019/03/07 18:56:50 | 000,006,708 | ---- | C] () -- C:\WINDOWS\System32\esentprf.hxx
[2019/03/07 18:56:50 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe
[2019/03/07 18:56:50 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fastopen.exe
[2019/03/07 18:56:50 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\dsound.vxd
[2019/03/07 18:56:50 | 000,000,080 | ---- | C] () -- C:\WINDOWS\explorer.scf
[2019/03/07 18:56:47 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msjetol1.dll
[2019/03/07 18:56:47 | 000,252,928 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compatui.dll
[2019/03/07 18:56:47 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_950.nls
[2019/03/07 18:56:47 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_950.nls
[2019/03/07 18:56:47 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_949.nls
[2019/03/07 18:56:47 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_949.nls
[2019/03/07 18:56:47 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_936.nls
[2019/03/07 18:56:47 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_936.nls
[2019/03/07 18:56:47 | 000,167,219 | ---- | C] () -- C:\WINDOWS\System32\pagefileconfig.vbs
[2019/03/07 18:56:47 | 000,167,219 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pagefile.vbs
[2019/03/07 18:56:47 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_932.nls
[2019/03/07 18:56:47 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_932.nls
[2019/03/07 18:56:47 | 000,097,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\evtquery.vbs
[2019/03/07 18:56:47 | 000,097,965 | ---- | C] () -- C:\WINDOWS\System32\eventquery.vbs
[2019/03/07 18:56:47 | 000,071,859 | ---- | C] () -- C:\WINDOWS\System32\cliconf.chm
[2019/03/07 18:56:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_874.nls
[2019/03/07 18:56:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_874.nls
[2019/03/07 18:56:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_865.nls
[2019/03/07 18:56:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_865.nls
[2019/03/07 18:56:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_863.nls
[2019/03/07 18:56:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_863.nls
[2019/03/07 18:56:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_861.nls
[2019/03/07 18:56:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_861.nls
[2019/03/07 18:56:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_860.nls
[2019/03/07 18:56:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_860.nls
[2019/03/07 18:56:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_850.nls
[2019/03/07 18:56:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_850.nls
[2019/03/07 18:56:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_775.nls
[2019/03/07 18:56:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_775.nls
[2019/03/07 18:56:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_437.nls
[2019/03/07 18:56:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_437.nls
[2019/03/07 18:56:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_500.nls
[2019/03/07 18:56:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_500.nls
[2019/03/07 18:56:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28605.nls
[2019/03/07 18:56:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28605.nls
[2019/03/07 18:56:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28598.nls
[2019/03/07 18:56:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28598.nls
[2019/03/07 18:56:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28593.nls
[2019/03/07 18:56:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28593.nls
[2019/03/07 18:56:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28592.nls
[2019/03/07 18:56:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28592.nls
[2019/03/07 18:56:47 | 000,061,172 | ---- | C] () -- C:\WINDOWS\System32\cmmgr32.hlp
[2019/03/07 18:56:47 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe
[2019/03/07 18:56:47 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dosx.exe
[2019/03/07 18:56:47 | 000,050,620 | ---- | C] () -- C:\WINDOWS\System32\command.com
[2019/03/07 18:56:47 | 000,042,339 | ---- | C] () -- C:\WINDOWS\System32\certmgr.msc
[2019/03/07 18:56:47 | 000,041,762 | ---- | C] () -- C:\WINDOWS\System32\ciadv.msc
[2019/03/07 18:56:47 | 000,041,397 | ---- | C] () -- C:\WINDOWS\System32\dfrg.msc
[2019/03/07 18:56:47 | 000,040,505 | ---- | C] () -- C:\WINDOWS\System32\cmdlib.wsc
[2019/03/07 18:56:47 | 000,038,302 | ---- | C] () -- C:\WINDOWS\System32\compmgmt.msc
[2019/03/07 18:56:47 | 000,033,673 | ---- | C] () -- C:\WINDOWS\System32\diskmgmt.msc
[2019/03/07 18:56:47 | 000,033,079 | ---- | C] () -- C:\WINDOWS\System32\devmgmt.msc
[2019/03/07 18:56:47 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\dllcache\country.sys
[2019/03/07 18:56:47 | 000,020,634 | ---- | C] () -- C:\WINDOWS\System32\dllcache\debug.exe
[2019/03/07 18:56:47 | 000,020,634 | ---- | C] () -- C:\WINDOWS\System32\debug.exe
[2019/03/07 18:56:47 | 000,008,386 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ctype.nls
[2019/03/07 18:56:47 | 000,008,386 | ---- | C] () -- C:\WINDOWS\System32\ctype.nls
[2019/03/07 18:56:47 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2019/03/07 18:56:47 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\View Channels.scf
[2019/03/07 18:56:47 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\cmos.ram
[2019/03/07 18:56:46 | 000,790,846 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2019/03/07 18:56:46 | 000,218,362 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2019/03/07 18:56:46 | 000,139,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20261.nls
[2019/03/07 18:56:46 | 000,139,810 | ---- | C] () -- C:\WINDOWS\System32\c_20261.nls
[2019/03/07 18:56:46 | 000,080,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apps.chm
[2019/03/07 18:56:46 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28591.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28591.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21866.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21866.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20905.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20905.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20866.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20866.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1258.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1258.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1257.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1257.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1256.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1256.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1255.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1255.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1254.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1254.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1253.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1253.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1252.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1252.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1251.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1251.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1250.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1250.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1026.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1026.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10079.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10079.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10000.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10000.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_037.nls
[2019/03/07 18:56:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_037.nls
[2019/03/07 18:56:46 | 000,028,420 | ---- | C] () -- C:\WINDOWS\System32\bios1.rom
[2019/03/07 18:56:46 | 000,012,498 | ---- | C] () -- C:\WINDOWS\System32\dllcache\append.exe
[2019/03/07 18:56:46 | 000,012,498 | ---- | C] () -- C:\WINDOWS\System32\append.exe
[2019/03/07 18:56:46 | 000,009,029 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ansi.sys
[2019/03/07 18:56:46 | 000,008,191 | ---- | C] () -- C:\WINDOWS\System32\bios4.rom
[2019/03/07 18:56:46 | 000,002,233 | ---- | C] () -- C:\WINDOWS\System32\dllcache\12520850.cpx
[2019/03/07 18:56:46 | 000,002,233 | ---- | C] () -- C:\WINDOWS\System32\12520850.cpx
[2019/03/07 18:56:46 | 000,002,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\12520437.cpx
[2019/03/07 18:56:46 | 000,002,151 | ---- | C] () -- C:\WINDOWS\System32\12520437.cpx
[2019/03/07 18:56:46 | 000,000,707 | ---- | C] () -- C:\WINDOWS\_default.pif
[2010/07/26 19:21:23 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Oli\defogger_reenable
[2010/07/26 15:19:06 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\Oli\Desktop\CKScanner.exe
[2010/07/21 20:07:14 | 000,011,219 | ---- | C] () -- C:\test.ogg
[2010/07/16 22:59:31 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Oli\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/16 22:04:00 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\Oli\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/12 16:43:17 | 000,011,452 | ---- | C] () -- C:\WINDOWS\System32\mypixdx.chm
[2010/07/10 23:56:43 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/07/10 23:56:43 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/07/10 23:56:43 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/07/10 23:56:42 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/07/10 23:56:42 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/07/10 23:56:41 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/07/10 23:56:41 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/07/10 23:56:40 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/07/10 23:56:39 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/07/10 23:56:35 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/07/09 11:48:03 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/06/30 22:00:55 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/30 22:00:55 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/06/29 17:00:43 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/29 17:00:43 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/29 13:40:25 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\moveex.exe
[2010/06/29 00:45:36 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/06/29 00:45:24 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/06/29 00:45:18 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/06/29 00:45:17 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/05/02 18:04:58 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/02/09 20:57:13 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2010/01/10 18:27:21 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/11/23 21:02:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdevs.dll
[2009/11/23 21:02:00 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdecoin.dll
[2009/11/23 21:01:34 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdedrs.dll
[2009/11/23 21:01:34 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdecnv4.dll
[2009/11/23 21:01:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdecaps.dll
[2009/11/23 21:01:07 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdeinst.dll
[2009/11/23 21:01:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdegrd.dll
[2009/08/25 11:49:44 | 000,000,750 | ---- | C] () -- C:\WINDOWS\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2009/06/04 15:38:59 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/06/02 14:47:28 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/05/19 21:22:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009/05/07 16:17:22 | 000,520,267 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2009/03/22 20:21:20 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2009/03/18 20:22:12 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009/02/12 20:24:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PlgEnabler2a.INI
[2009/01/20 05:16:22 | 000,000,162 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini
[2009/01/06 17:33:50 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2008/10/03 14:38:35 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Multimedia manager.INI
[2008/10/03 12:46:01 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/13 12:29:43 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC.dll
[2008/09/04 20:29:02 | 000,000,096 | ---- | C] () -- C:\WINDOWS\docs.ini
[2008/09/04 13:03:13 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2008/09/04 13:02:29 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2008/06/04 23:04:41 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2007/09/14 18:51:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/09/14 18:51:39 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll
[2007/09/14 17:15:10 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2007/06/12 14:56:11 | 000,105,472 | ---- | C] () -- C:\WINDOWS\System32\APOMngr.dll
[2007/06/12 14:56:11 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\CmdRtr.dll
[2007/03/05 23:53:25 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/21 17:50:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/21 02:47:07 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/02/21 02:47:07 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/02/21 02:47:07 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/02/21 02:47:07 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/02/15 16:31:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PlgEnabler.INI
[2007/02/13 19:41:54 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2007/02/13 03:23:28 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wordpad.ini
[2007/02/12 23:15:11 | 000,000,062 | ---- | C] () -- C:\WINDOWS\AudStu.INI
[2007/02/12 23:12:47 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/02/12 19:46:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/02/11 19:34:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/11 19:06:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cleaninglab.INI
[2007/02/11 19:03:45 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2007/02/11 19:02:55 | 000,001,122 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007/02/05 10:37:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/25 07:43:22 | 000,023,273 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2006/08/23 11:47:00 | 000,008,251 | R--- | C] () -- C:\WINDOWS\sfsyn.ini
[2005/12/02 10:23:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/03/08 07:17:08 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2002/02/07 09:28:16 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wstrenderer.ax:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wstpager.ax:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdsp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WPDShServiceObj.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdshextres.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdshextautoplay.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WpdShext.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdmtpus.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdmtp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdconns.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpd_ci.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVXENCD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVSENCD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVSDECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVENCOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmvdmoe2.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmvdmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVDECOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVADVE.DLL:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVADVD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMSPDMOE.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmsdmoe2.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmsdmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpsrcwp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpshell.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpps.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpmde.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmploc.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpencen.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpeffects.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpasf.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMNetMgr.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmidx.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmerror.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmsdk.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmnet.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmdev.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdmps.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdmlog.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMASF.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMADMOE.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMADMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WinFXDocObj.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wdfmgr.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wdfapi.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\VBICodec.ax:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\uwdf.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\ticrf.rat:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\termsrv.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\tdc.ocx:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\SET1A1.tmp:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\SET184.tmp:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\SET176.tmp:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\SET174.tmp:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\SET159.tmp:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\qasf.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceWMDRM.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceWiaCompat.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceTypes.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceClassExtension.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceApi.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mswmdm.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\msscp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mspmsp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mspmsnsv.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\msnp.ax:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\msnetobj.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\msls31.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mshtmler.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mshtml.tlb:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mshta.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\msfeedssync.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\Msdvbnp.ax:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MPG4DMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MPG4DECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mpg2splt.ax:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mpeg2data.ax:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP4SDMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP4SDECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP43DMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP43DECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MFPLAT.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\logagent.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\licmgr10.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\LAPRXY.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\l3codecp.acm:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\inseng.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\imgutil.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\ieuinit.inf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\ieui.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\iesetup.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\IE7Eula.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\icrav03.rat:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\eula.txt:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drmv2clt.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drmupgds.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\wpdusb.sys:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\UMDF\wpdmtpdr.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\pxhelp20.sys:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wstrendr.ax:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wstpager.ax:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmvdmoe2.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmvdmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\WMSPDMOE.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmsdmoe2.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmsdmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmpshell.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmploc.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmplayer.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmpband.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmpasf.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\WMNetMgr.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmidx.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmerror.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmdmps.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\wmdmlog.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\WMASF.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\WMADMOE.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\WMADMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\termsrv.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\tdc.ocx:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\setup_wm.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\qasf.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\mswmdm.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\msscp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\mspmsp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\mspmsnsv.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\msnetobj.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\msls31.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\mshtmler.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\mshtml.tlb:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\mshta.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\Msdvbnp.ax:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\mpvis.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\MPG4DMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\mpg2splt.ax:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\Mpg2data.ax:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\MP4SDMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\MP43DMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\licmgr10.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\inseng.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\imgutil.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\iesetup.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\iedw.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\hmmapi.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\ehtray.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\ehSched.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\ehProxy.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\ehmsas.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\ehiExtCOM.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\ehExtCOM.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\drmv2clt.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\dllcache\custsat.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\cewmdm.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\blackbox.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\audiodev.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\asferror.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\advpack.dll.mui:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\admparse.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Program Files\Windows Media Player\WMPNetwk.exe:AFP_AfpInfo
@Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E0A12A9
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 1494 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:98ec7ujPhWECPBYVYkcnN
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1383 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:KPyHYV3b1v6MG4HAx5D1BCstNDK08
@Alternate Data Stream - 1363 bytes -> C:\Program Files\Common Files\Microsoft Shared:L0098reRb8tjWCTye4s
@Alternate Data Stream - 1343 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:1TsoWig823Xs0uoYrSsOVoDLs161
@Alternate Data Stream - 1327 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:FXo9riQ99cA8T7HeJFqPhT
@Alternate Data Stream - 1290 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:6EBTW1P1fOLfa5vw30wLoV
@Alternate Data Stream - 1281 bytes -> C:\Program Files\Common Files\Microsoft Shared:9zSf1Vsr1yg6PbPN7tWz
@Alternate Data Stream - 1259 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:8KccE82zupmsJn7UhZPmwOk
@Alternate Data Stream - 1251 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Ool7b0FOpDuYfNQiG23wgrMQP5p
@Alternate Data Stream - 1231 bytes -> C:\Program Files\Common Files\System:qyI0hltSnRDQ7E8w6vMg9KFqEL
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C39AA0B1
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 1168 bytes -> C:\Documents and Settings\Oli\Local Settings\Application Data\FUnOnML3xcnPJjc:xcqnIgppWSq0njYrJkvt
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:890CC2F3
< End of report >

Re: corrupt system restore + virus scanner not detecting

by quazzer » July 26th, 2010, 4:58 pm

Extras...

OTL Extras logfile created on: 26/07/2010 19:31:36 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Oli\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.49 Gb Total Space | 39.20 Gb Free Space | 17.16% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 187.21 Gb Free Space | 80.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 767.84 Gb Free Space | 82.43% Space Free | Partition Type: HFS+
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465.76 Gb Total Space | 127.84 Gb Free Space | 27.45% Space Free | Partition Type: NTFS

Computer Name: OLI
Current User Name: Oli
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3139917023-2047343290-364979358-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"5720:TCP" = 5720:TCP:*:Enabled:Jumi Controller
"5720:UDP" = 5720:UDP:*:Enabled:Jumi Controller

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdejswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdejswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdepswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdepswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdetime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdetime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\Documents and Settings\Oli\Local Settings\Temp\lxde\wireless\ENGLISH\lxdewpss.exe" = C:\Documents and Settings\Oli\Local Settings\Temp\lxde\wireless\ENGLISH\lxdewpss.exe:*:Enabled: -- File not found
"C:\WINDOWS\system32\lxdeih.exe" = C:\WINDOWS\system32\lxdeih.exe:*:Enabled:Printer Communication System -- ( )
"C:\WINDOWS\system32\lxdecoms.exe" = C:\WINDOWS\system32\lxdecoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 4800 Series\lxdeamon.exe" = C:\Program Files\Lexmark 4800 Series\lxdeamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 4800 Series\FRun.exe" = C:\Program Files\Lexmark 4800 Series\FRun.exe:*:Enabled:Lexmark Productivity Studio -- ()
"C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\Program Files\Lexmark Fax Solutions\faxctr.exe" = C:\Program Files\Lexmark Fax Solutions\faxctr.exe:*:Enabled:Fax software -- File not found
"C:\Program Files\Lexmark 4800 Series\lxdemon.exe" = C:\Program Files\Lexmark 4800 Series\lxdemon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\Program Files\Lexmark 4800 Series\Wireless\lxdewpss.exe" = C:\Program Files\Lexmark 4800 Series\Wireless\lxdewpss.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\TightVNC\tvnserver.exe" = C:\Program Files\TightVNC\tvnserver.exe:*:Enabled:TightVNC Server -- (GlavSoft LLC.)
"C:\Program Files\TightVNC\vncviewer.exe" = C:\Program Files\TightVNC\vncviewer.exe:*:Enabled:TightVNC Viewer -- (TightVNC Group)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0824EE6D-137F-4B83-9628-8E7B000BEBA6}" = Rail Simulator
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{14AA664E-9BFA-44C4-A083-83A2998679BA}" = Digidesign Pro Tools M-Powered 7.4cs2
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D03DE2-D142-4A6C-B346-2FA7C8D76A57}" = BassStation
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F145099-1224-4C5B-84F2-7AE6DC699F1A}" = Enigma
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{263D0845-6A38-4B83-ACF5-C48E0C62450B}" = M-Audio Axiom Driver 1.1.1 (x86)
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{391BF2AA-1304-471A-9CBF-084AE32813D6}" = M-Audio Delta Driver 6.0.2 (x86)
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{487807C8-1FE9-45D5-A1F2-593C78D2DFDD}" = Digidesign Music Production Toolkit 7.4
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.03
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FD75E05-FF64-4C27-AA79-FD589A8C1A0B}" = MacDrive 7
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7F815C5F-D2A4-4173-B7C0-55A9D6F87E38}" = MobileMe Control Panel
"{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}" = Digidesign Free Bomb Factory Plug-Ins 7.4
"{842C6AFC-7856-4fd9-99AF-8900554ACAA2}_is1" = V-Station 1.5.1
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
"{A09ABB28-33D6-4662-8282-C46D480BE863}" = TL Space Native 7.4
"{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}" = Melodyne 3.1
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFE354A5-640F-4A23-94C8-0B441E8967CA}" = Digidesign Shared Plug-Ins 7.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA0D0121-A3BA-487D-9C78-7AB0E676C722}" = Miroslav Philharmonik
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D084B1A9-153B-409D-AEBF-C40FCEF925EA}" = TalkTalk Assist & Go
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F72DD596-F857-463C-AA43-647B45FCE14D}" = M-Audio Reason Control Surface
"{FC98FBE9-E931-494C-8717-497185371033}" = Nero 7
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Addictive Drums ADpak Retro_is1" = Addictive Drums ADpak Retro
"Addictive Drums Inno Setup_is1" = Addictive Drums 1.1.1
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"AKAI professional DCVocoder 1.0" = AKAI professional DCVocoder 1.0
"Antares Autotune VST_is1" = Antares Autotune VST v5.09
"ASAPI Update" = ASAPI Update
"Audacity_is1" = Audacity 1.2.6
"Belarc Advisor" = Belarc Advisor 8.1
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Defraggler" = Defraggler
"D-Link VGA Webcam" = D-Link VGA Webcam
"FabFilter Pro-C VST RTAS_is1" = FabFilter Pro-C VST RTAS v1.1.1
"FabFilter Timeless v1.00 VST" = FabFilter Timeless v1.00 VST
"FabFilter Twin VSTi RTAS_is1" = FabFilter Twin VSTi RTAS v2.00
"FabFilter Volcano VST RTAS_is1" = FabFilter Volcano VST RTAS v2.02
"ffdshow_is1" = ffdshow v1.1.3489 [2010-06-28]
"filehippo.com" = FileHippo.com Update Checker
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.6
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"Icon Restore_is1" = Icon Restore 1.0
"Iconix eMail ID" = Iconix® eMail ID
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImTOO HD Video Converter" = ImTOO HD Video Converter
"IsoBuster_is1" = IsoBuster 2.8
"iZotope Ozone 4_is1" = iZotope Ozone 4
"Lexmark 4800 Series" = Lexmark 4800 Series
"Live 8.0.4" = Live 8.0.4
"LogonStudio" = LogonStudio
"MAGIX audio cleaning lab 10 deLuxe" = MAGIX audio cleaning lab 10 deLuxe
"MAGIX Music Manager" = MAGIX Music Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mp3tag" = Mp3tag v2.45a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Music Cleaning Studio" = Music Cleaning Studio
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS" = Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS
"Native Instruments Kontakt 3" = Native Instruments Kontakt 3
"Native Instruments Massive v1.0.1.008 VSTi DXi RTAS" = Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
"Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS" = Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS
"Need2FindBar Uninstall" = Need2Find Bar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Oddity" = GForce - Oddity
"OrangeVocoder v2.0-OxYGeN" = OrangeVocoder v2.0-OxYGeN
"Reason_is1" = Reason 3.0
"Reason4_is1" = Reason 4.0
"Recover My Photos_is1" = Recover My Photos
"reFX Nexus Demo_is1" = reFX Nexus Demo
"reFX Vanguard VSTi_is1" = reFX Vanguard VSTi v1.7.0
"Revo Uninstaller" = Revo Uninstaller 1.89
"rgc:audio sfz VSTi_is1" = rgc:audio sfz VSTi v1.96
"SimCity 3000" = SimCity 3000
"Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
"SP6" = Logitech SetPoint 6.1
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.3
"TightVNC" = TightVNC 2.0.2
"TomTom HOME" = TomTom HOME 2.7.4.1962
"Trilogy_is1" = Trilogy
"Tunatic" = Tunatic
"Tweak UI 2.10" = Tweak UI
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player
"Unlocker" = Unlocker 1.8.7
"Videora iPod Converter" = Videora iPod Converter 4.06
"ViewpointMediaPlayer" = Viewpoint Media Player
"VIPv3" = Vista Icon Pack v3 System Patch
"VLC media player" = VLC media player 1.1.0
"Waves Mercury Complete VST DX RTAS_is1" = Waves Mercury Complete VST DX RTAS v1.01
"WIC" = Windows Imaging Component
"WinAVI Video Capture_is1" = WinAVI Video Capture 2.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3139917023-2047343290-364979358-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bddd472159704f26" = macProVideo.com NED Player
"BitTorrent DNA" = DNA
"IconTweaker" = IconTweaker 1.12

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/07/2010 12:52:22 | Computer Name = OLI | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 26/07/2010 12:58:18 | Computer Name = OLI | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 26/07/2010 12:58:18 | Computer Name = OLI | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 26/07/2010 13:07:53 | Computer Name = OLI | Source = Application Hang | ID = 1002
Description = Hanging application ProTools M-Powered.exe, version 7.4.0.315, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/07/2010 13:08:31 | Computer Name = OLI | Source = Application Hang | ID = 1002
Description = Hanging application ProTools M-Powered.exe, version 7.4.0.315, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/07/2010 14:24:30 | Computer Name = OLI | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 26/07/2010 14:24:30 | Computer Name = OLI | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 26/07/2010 14:27:29 | Computer Name = OLI | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 26/07/2010 14:27:29 | Computer Name = OLI | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 26/07/2010 14:28:49 | Computer Name = OLI | Source = Bonjour Service | ID = 100
Description = 216: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ OSession Events ]
Error - 23/04/2010 05:05:02 | Computer Name = OLI_COMPUTER | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 26/04/2010 05:04:18 | Computer Name = OLI_COMPUTER | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

[ System Events ]
Error - 26/07/2010 14:24:29 | Computer Name = OLI | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
following error: %%2

Error - 26/07/2010 14:24:32 | Computer Name = OLI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
kl1

Error - 26/07/2010 14:24:42 | Computer Name = OLI | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

Error - 26/07/2010 14:24:42 | Computer Name = OLI | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).

Error - 26/07/2010 14:24:42 | Computer Name = OLI | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066

Error - 26/07/2010 14:25:06 | Computer Name = OLI | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.

Error - 26/07/2010 14:25:06 | Computer Name = OLI | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.

Error - 26/07/2010 14:25:46 | Computer Name = OLI | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.

Error - 26/07/2010 14:25:46 | Computer Name = OLI | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.

Error - 26/07/2010 14:26:26 | Computer Name = OLI | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.


< End of report >
quazzer

Re: corrupt system restore + virus scanner not detecting

Post by quazzer » July 26th, 2010, 5:01 pm

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB6977000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10534912 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 257.21 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6303744 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 257.21 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB67E9000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 958464 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xB7DD1000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB670D000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB435A000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB386F000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB68D3000 C:\WINDOWS\system32\DRIVERS\MAudioDelta.sys 299008 bytes (Avid Technology, Inc., M-Audio Delta PCI driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB7D30000 MDFSYSNT.sys 286720 bytes (Mediafour Corporation, MacDrive file system driver)
0xB3A06000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB425F000 C:\WINDOWS\system32\Drivers\vmm.sys 241664 bytes (Microsoft Corporation, Virtual Machine Monitor)
0xB440E000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 221184 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0xB676B000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7F59000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB3B37000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7D90000 C:\WINDOWS\System32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB2193000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB456F000 C:\WINDOWS\System32\Drivers\ov519vid.sys 167936 bytes (OmniVision Technologies, Inc., Dual Mode USB Camera 519 Stream Class Mini Driver)
0xB430C000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB44A7000 C:\WINDOWS\system32\DRIVERS\tosrfbd.sys 163840 bytes (TOSHIBA CORPORATION, Bluetooth RF Bus Driver)
0xB7F03000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB4334000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB693F000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB691C000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB42EA000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB423D000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7EB3000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F87000 imagesrv.sys 131072 bytes (Ahead Software AG, Nero Image Server)
0xB7F29000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB7D76000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7E88000 TPkd.sys 102400 bytes (PACE Anti-Piracy, Inc., InterLok system file)
0xB7EEB000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB41FD000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB7ED3000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB7E71000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB67AC000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB2EAA000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB7DBD000 inspect.sys 81920 bytes (COMODO, COMODO Internet Security Firewall Driver)
0xB67D5000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB6963000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB43B3000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB4444000 C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys 77824 bytes (TOSHIBA Corporation., Bluetooth HID Driver from TOSHIBA)
0xB7E5E000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB67C3000 C:\WINDOWS\system32\DRIVERS\LMouKE.Sys 73728 bytes (Logitech, Inc., Logitech Filter Driver for Mouse Class.)
0xB7EA1000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7F48000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB679B000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB8268000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB7761000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB8168000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xB8128000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB7731000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB7701000 C:\WINDOWS\System32\Drivers\tosrfcom.sys 65536 bytes (TOSHIBA Corporation, Bluetooth RFCOMM Driver)
0xB8248000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB81F8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB8108000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xB7751000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB3597000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB81E8000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xB7383000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB76F1000 C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys 61440 bytes (Microsoft Corporation, Virtual Machine Network Services Driver)
0xB8138000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB73B3000 C:\WINDOWS\system32\DRIVERS\cledx.sys 57344 bytes (Team H2O, Team H2O CLEDX DevWhore)
0xB7711000 C:\WINDOWS\system32\DRIVERS\L8042mou.Sys 57344 bytes (Logitech, Inc., Logitech PS/2 Mouse Filter Driver.)
0xB81B8000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 57344 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xB80F8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB7721000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB7403000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB81D8000 C:\WINDOWS\System32\Drivers\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xB80C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB73E3000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB8238000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB7771000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80D8000 jraid.sys 45056 bytes (JMicron Technology Corp., JMicron JMB36X RAID Driver)
0xB80B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB73F3000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB73A3000 C:\WINDOWS\system32\DRIVERS\tosporte.sys 45056 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth Port Emulation Driver)
0xB81C8000 C:\WINDOWS\system32\DRIVERS\tosrfusb.sys 45056 bytes (TOSHIBA CORPORATION, Bluetooth USB Miniport Driver)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB7393000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB7741000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 40960 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xB73C3000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB8208000 C:\WINDOWS\System32\Drivers\tosrfbnp.sys 40960 bytes (TOSHIBA Corporation, Bluetooth RFBNEP Driver)
0xB8118000 DigiFilt.sys 36864 bytes (Digidesign, A Division of Avid Technology, Inc., Digidesign Filter Driver)
0xB80E8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB7413000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB82D8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB73D3000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB8218000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB30BF000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB8468000 C:\WINDOWS\System32\Drivers\Asapi.SYS 32768 bytes (VOB Computersysteme GmbH, ASAPI)
0xB83F0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB83B8000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB8458000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB84A8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB83C0000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB8478000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB84A0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB8490000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB83C8000 C:\WINDOWS\System32\Drivers\ov519cmd.sys 24576 bytes (OmniVision Technologies Inc., Dual Mode USB Camera 519 Universal Serial Bus Camera Driver)
0xB8408000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xB8400000 C:\WINDOWS\System32\Drivers\StarOpen.SYS 24576 bytes
0xB83E0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB8428000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xB83F8000 C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 20480 bytes (COMODO, COMODO Internet Security Helper Driver)
0xB8338000 MDPMGRNT.sys 20480 bytes (Mediafour Corporation, MacDrive partition driver)
0xB83E8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB84B0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB8350000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xB8340000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB8450000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xB8410000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB8588000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB7986000 C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys 16384 bytes (Logitech, Inc., Logitech PS2 Keyboard Filter Driver.)
0xB796A000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB3D80000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB7CC0000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB45E1000 C:\WINDOWS\System32\DRIVERS\cmderd.sys 12288 bytes (COMODO, COMODO Internet Security Eradication Driver)
0xB448F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB45DD000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB8584000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB797E000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB7CD0000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus(R) ASPI Shell)
0xB45D1000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB45BD000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xB85E4000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xB8602000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB860A000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xB8600000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85AE000 imagedrv.sys 8192 bytes (Ahead Software AG, NERO IMAGEDRIVE SCSI miniport)
0xB85B0000 JGOGO.sys 8192 bytes (JMicron , SCSI Port upper filter driver)
0xB85E6000 C:\WINDOWS\system32\DRIVERS\jumi.sys 8192 bytes (Windows (R) Win 7 DDK provider, Jumi Virtual Hid Device)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB8604000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB8606000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB85E8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB85EE000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB86E6000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB8704000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
0xB8788000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB87C9000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
0xB86E9000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ftdisk.sys-->ntkrnlpa.exe-->IoReadPartitionTableEx, Type: IAT modification 0xB7F2AC5C-->B833ABAE [MDPMGRNT.sys]
ntkrnlpa.exe+0x0002D53C, Type: Inline - RelativeJump 0x8050453C-->80504588 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D570, Type: Inline - RelativeJump 0x80504570-->80504500 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D57C, Type: Inline - RelativeJump 0x8050457C-->805045C4 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D66C, Type: Inline - RelativeJump 0x8050466C-->805046B4 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D78C, Type: Inline - RelativeJump 0x8050478C-->80504736 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D850, Type: Inline - RelativeJump 0x80504850-->80504898 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D868, Type: Inline - RelativeJump 0x80504868-->805047EE [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D870, Type: Inline - RelativeJump 0x80504870-->805048BC [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECAE, Type: Inline - RelativeJump 0x80545CAE-->80545CB5 [ntkrnlpa.exe]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xB4399428-->B7DBE6E0 [inspect.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xB4399454-->B7DBE7B0 [inspect.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xB4399460-->B7DBE740 [inspect.sys]
[1060]services.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1060]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1060]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1060]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1060]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1060]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1060]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1060]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1060]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1060]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1060]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1060]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1060]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1060]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1060]services.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1060]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1060]services.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1060]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1060]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1060]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1060]services.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1060]services.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1060]services.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1060]services.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1060]services.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1060]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1060]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1060]services.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1060]services.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1060]services.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1060]services.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1060]services.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1060]services.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1060]services.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1060]services.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1060]services.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1060]services.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1060]services.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1080]lsass.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1080]lsass.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1080]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1080]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1080]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1080]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1080]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1080]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1080]lsass.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1080]lsass.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1080]lsass.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1080]lsass.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1080]lsass.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1080]lsass.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1080]lsass.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1080]lsass.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1080]lsass.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1080]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1080]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1080]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1080]lsass.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1080]lsass.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1080]lsass.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1080]lsass.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1080]lsass.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1080]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1080]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1080]lsass.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1080]lsass.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1080]lsass.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1080]lsass.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1080]lsass.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1080]lsass.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1080]lsass.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1080]lsass.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1080]lsass.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1080]lsass.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1080]lsass.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1080]lsass.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1080]lsass.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1080]lsass.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1080]lsass.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1080]lsass.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[1080]lsass.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[1080]lsass.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[1080]lsass.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[1272]nvsvc32.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1272]nvsvc32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1272]nvsvc32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1272]nvsvc32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1272]nvsvc32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1272]nvsvc32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1272]nvsvc32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1272]nvsvc32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1272]nvsvc32.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1272]nvsvc32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1272]nvsvc32.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1272]nvsvc32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1272]nvsvc32.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1272]nvsvc32.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1340]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1340]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1340]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1340]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1340]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1340]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1340]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1340]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1340]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1340]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1340]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1340]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1340]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1340]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1340]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1340]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1340]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1340]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1340]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1340]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1340]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1340]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1340]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1340]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1340]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1340]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1340]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1340]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1340]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1340]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1340]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1340]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1340]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1340]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1340]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1340]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1340]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1340]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1340]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1340]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1340]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1340]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1420]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1420]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1420]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1420]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1420]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1420]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1420]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1420]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1420]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1420]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1420]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1420]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1420]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1420]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1420]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1420]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1420]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1420]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1420]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1420]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1420]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1420]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1420]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1420]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1420]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1420]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1420]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1420]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1420]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1420]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1420]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1420]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1420]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1420]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1420]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1420]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1420]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1420]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1420]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1420]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1420]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1420]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1472]jqs.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1472]jqs.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1472]jqs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1472]jqs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1472]jqs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1472]jqs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1472]jqs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1472]jqs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1472]jqs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1472]jqs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1472]jqs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1472]jqs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1472]jqs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1472]jqs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1472]jqs.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1472]jqs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1472]jqs.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1472]jqs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1472]jqs.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1472]jqs.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1472]jqs.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1472]jqs.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1472]jqs.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1472]jqs.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1472]jqs.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1472]jqs.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1472]jqs.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1472]jqs.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1472]jqs.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1472]jqs.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1472]jqs.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1472]jqs.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1472]jqs.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1472]jqs.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1472]jqs.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1472]jqs.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1472]jqs.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1472]jqs.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1472]jqs.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[1472]jqs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[1472]jqs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[1472]jqs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[1512]lxdeserv.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1512]lxdeserv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1512]lxdeserv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1512]lxdeserv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1512]lxdeserv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1512]lxdeserv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1512]lxdeserv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1512]lxdeserv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1512]lxdeserv.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1512]lxdeserv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1512]lxdeserv.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1512]lxdeserv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1512]lxdeserv.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94B0D2-->00000000 [guard32.dll]
[1512]lxdeserv.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94C2C0-->00000000 [guard32.dll]
[1572]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1572]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1572]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1572]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1572]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1572]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1572]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1572]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1572]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1572]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1572]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1572]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1572]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1572]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1572]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1572]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1572]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1572]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1572]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1572]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1572]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1572]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1572]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1572]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1572]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1572]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1572]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1572]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1572]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1572]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1572]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1572]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1572]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1572]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1572]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1572]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1572]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1572]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1572]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1572]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1572]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1572]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1660]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1660]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1660]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1660]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1660]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1660]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1660]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1660]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1660]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1660]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1660]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1660]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1660]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1660]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1660]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1660]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1660]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1660]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1660]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1660]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1660]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1660]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1660]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1660]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1660]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1660]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1660]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1660]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1660]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1660]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1660]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1660]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1660]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1660]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1660]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1660]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1660]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1660]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1660]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1660]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1660]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1660]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1692]lxdecoms.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1692]lxdecoms.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1692]lxdecoms.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1692]lxdecoms.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1692]lxdecoms.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1692]lxdecoms.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1692]lxdecoms.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1692]lxdecoms.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1692]lxdecoms.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1692]lxdecoms.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]

Post by quazzer » July 26th, 2010, 5:02 pm

[1692]lxdecoms.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1692]lxdecoms.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1692]lxdecoms.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[1692]lxdecoms.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[1692]lxdecoms.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[1760]MacDriveService.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1760]MacDriveService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1760]MacDriveService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1760]MacDriveService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1760]MacDriveService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1760]MacDriveService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1760]MacDriveService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1760]MacDriveService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1760]MacDriveService.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1760]MacDriveService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1760]MacDriveService.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1760]MacDriveService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1760]MacDriveService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1760]MacDriveService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1784]StarWindServiceAE.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1784]StarWindServiceAE.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1784]StarWindServiceAE.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1784]StarWindServiceAE.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1784]StarWindServiceAE.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1784]StarWindServiceAE.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1784]StarWindServiceAE.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1784]StarWindServiceAE.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1784]StarWindServiceAE.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1784]StarWindServiceAE.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1784]StarWindServiceAE.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1784]StarWindServiceAE.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[1784]StarWindServiceAE.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[1784]StarWindServiceAE.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[1832]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1832]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1832]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1832]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1832]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1832]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1832]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1832]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1832]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1832]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1832]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1832]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1832]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1832]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1832]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1832]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1832]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1832]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1832]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1832]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1832]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1832]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1832]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1832]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1832]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1832]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1832]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1832]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1832]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1832]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1832]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1832]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1832]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1832]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1832]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1832]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1832]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1832]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1832]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1832]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1832]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1832]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1860]SeaPort.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1860]SeaPort.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1860]SeaPort.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1860]SeaPort.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1860]SeaPort.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1860]SeaPort.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1860]SeaPort.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1860]SeaPort.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1860]SeaPort.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1860]SeaPort.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1860]SeaPort.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1860]SeaPort.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1860]SeaPort.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1860]SeaPort.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1860]SeaPort.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1860]SeaPort.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1860]SeaPort.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1860]SeaPort.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1860]SeaPort.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1860]SeaPort.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1860]SeaPort.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1860]SeaPort.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1860]SeaPort.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1860]SeaPort.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1860]SeaPort.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[1860]SeaPort.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[1860]SeaPort.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[1968]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[1968]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[1968]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[1968]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[1968]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[1968]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[1968]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[1968]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[1968]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[1968]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[1968]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[1968]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[1968]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[1968]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[1968]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[1968]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[1968]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1968]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1968]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[1968]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[1968]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[1968]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[1968]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[1968]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1968]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1968]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1968]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1968]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1968]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1968]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1968]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1968]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1968]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1968]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1968]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1968]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1968]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1968]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[1968]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[1968]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[1968]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[1968]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[1968]svchost.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94B0D2-->00000000 [guard32.dll]
[1968]svchost.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94C2C0-->00000000 [guard32.dll]
[2052]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2052]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2052]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2052]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2052]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2052]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2052]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2052]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2052]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2052]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2052]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2052]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2052]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2052]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2052]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2052]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2052]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2052]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2052]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2052]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2052]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2052]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2052]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2052]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2052]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2052]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2052]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2052]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2052]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2052]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2052]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2052]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2052]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2052]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[2052]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[2052]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[2052]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[2052]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2100]rundll32.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2100]rundll32.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2100]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2100]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2100]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2100]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2100]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2100]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2100]rundll32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2100]rundll32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2100]rundll32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2100]rundll32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2100]rundll32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2100]rundll32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2100]rundll32.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2100]rundll32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2100]rundll32.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2100]rundll32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2100]rundll32.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2100]rundll32.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2100]rundll32.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2100]rundll32.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2100]rundll32.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2100]rundll32.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2100]rundll32.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2100]rundll32.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2100]rundll32.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2100]rundll32.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2100]rundll32.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2100]rundll32.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2100]rundll32.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2100]rundll32.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2100]rundll32.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2100]rundll32.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2100]rundll32.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2100]rundll32.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2100]rundll32.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2100]rundll32.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[2100]rundll32.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[2100]rundll32.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[2100]rundll32.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[2100]rundll32.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2192]tgsrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2192]tgsrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2192]tgsrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2192]tgsrvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2192]tgsrvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2192]tgsrvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2192]tgsrvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2192]tgsrvc.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2192]tgsrvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2192]tgsrvc.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2192]tgsrvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2192]tgsrvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2192]tgsrvc.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2228]TosBtSrv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2228]TosBtSrv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2228]TosBtSrv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2228]TosBtSrv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2228]TosBtSrv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2228]TosBtSrv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2228]TosBtSrv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2228]TosBtSrv.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2228]TosBtSrv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2228]TosBtSrv.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2228]TosBtSrv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2228]TosBtSrv.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[2228]TosBtSrv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2304]wmpnscfg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2304]wmpnscfg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2304]wmpnscfg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2304]wmpnscfg.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2304]wmpnscfg.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2304]wmpnscfg.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2304]wmpnscfg.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2304]wmpnscfg.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2304]wmpnscfg.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2304]wmpnscfg.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2304]wmpnscfg.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2304]wmpnscfg.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2304]wmpnscfg.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[232]spoolsv.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[232]spoolsv.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[232]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[232]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[232]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[232]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[232]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[232]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[232]spoolsv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[232]spoolsv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]

Re: corrupt system restore + virus scanner not detecting

Post by quazzer » July 26th, 2010, 5:03 pm

[232]spoolsv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[232]spoolsv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[232]spoolsv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[232]spoolsv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[232]spoolsv.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[232]spoolsv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[232]spoolsv.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[232]spoolsv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[232]spoolsv.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[232]spoolsv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[232]spoolsv.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[232]spoolsv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[232]spoolsv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[232]spoolsv.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[232]spoolsv.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[232]spoolsv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[232]spoolsv.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[232]spoolsv.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[232]spoolsv.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[232]spoolsv.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[232]spoolsv.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[232]spoolsv.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[232]spoolsv.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[232]spoolsv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[232]spoolsv.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[232]spoolsv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[232]spoolsv.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[232]spoolsv.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[232]spoolsv.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[232]spoolsv.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[232]spoolsv.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[232]spoolsv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2332]tvnserver.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2332]tvnserver.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2332]tvnserver.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2332]tvnserver.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2332]tvnserver.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2332]tvnserver.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2332]tvnserver.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2332]tvnserver.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2332]tvnserver.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2332]tvnserver.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2332]tvnserver.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2332]tvnserver.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2332]tvnserver.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2332]tvnserver.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2332]tvnserver.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2332]tvnserver.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2332]tvnserver.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2332]tvnserver.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2332]tvnserver.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2332]tvnserver.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2332]tvnserver.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[2332]tvnserver.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[2332]tvnserver.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[2332]tvnserver.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[2332]tvnserver.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[2332]tvnserver.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[2332]tvnserver.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[2380]Bandoo.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2380]Bandoo.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2380]Bandoo.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2380]Bandoo.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2380]Bandoo.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2380]Bandoo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2380]Bandoo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2380]Bandoo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2380]Bandoo.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2380]Bandoo.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2380]Bandoo.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2380]Bandoo.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2380]Bandoo.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2380]Bandoo.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2380]Bandoo.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2380]Bandoo.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2380]Bandoo.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2380]Bandoo.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2380]Bandoo.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2380]Bandoo.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2380]Bandoo.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[2380]Bandoo.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[2380]Bandoo.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[2380]Bandoo.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[2380]Bandoo.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2380]Bandoo.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94B0D2-->00000000 [guard32.dll]
[2380]Bandoo.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94C2C0-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[2380]Bandoo.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[2380]Bandoo.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[2496]McrdSvc.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2496]McrdSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2496]McrdSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2496]McrdSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2496]McrdSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2496]McrdSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2496]McrdSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2496]McrdSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2496]McrdSvc.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2496]McrdSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2496]McrdSvc.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2496]McrdSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2496]McrdSvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[2496]McrdSvc.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[2496]McrdSvc.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[2544]wmpnetwk.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2544]wmpnetwk.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2544]wmpnetwk.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2544]wmpnetwk.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2544]wmpnetwk.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2544]wmpnetwk.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2544]wmpnetwk.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2544]wmpnetwk.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2544]wmpnetwk.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2544]wmpnetwk.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2544]wmpnetwk.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2544]wmpnetwk.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2544]wmpnetwk.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[2544]wmpnetwk.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[2544]wmpnetwk.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[2600]rundll32.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2600]rundll32.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2600]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2600]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2600]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2600]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2600]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2600]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2600]rundll32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2600]rundll32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2600]rundll32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2600]rundll32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2600]rundll32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2600]rundll32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2600]rundll32.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2600]rundll32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2600]rundll32.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2600]rundll32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2600]rundll32.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2600]rundll32.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2600]rundll32.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2600]rundll32.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2600]rundll32.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2600]rundll32.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2600]rundll32.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2600]rundll32.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2600]rundll32.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2600]rundll32.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2600]rundll32.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2600]rundll32.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2600]rundll32.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2600]rundll32.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2600]rundll32.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2600]rundll32.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2600]rundll32.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2600]rundll32.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2600]rundll32.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2600]rundll32.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[2600]rundll32.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[2600]rundll32.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[2600]rundll32.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[2600]rundll32.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2648]tvnserver.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2648]tvnserver.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2648]tvnserver.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2648]tvnserver.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2648]tvnserver.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2648]tvnserver.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2648]tvnserver.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2648]tvnserver.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2648]tvnserver.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2648]tvnserver.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2648]tvnserver.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2648]tvnserver.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2648]tvnserver.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2648]tvnserver.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2648]tvnserver.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2648]tvnserver.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2648]tvnserver.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2648]tvnserver.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2648]tvnserver.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2648]tvnserver.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2648]tvnserver.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[2648]tvnserver.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[2648]tvnserver.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[2648]tvnserver.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[2648]tvnserver.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[2648]tvnserver.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[2648]tvnserver.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[2652]iTunesHelper.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2652]iTunesHelper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2652]iTunesHelper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2652]iTunesHelper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2652]iTunesHelper.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2652]iTunesHelper.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2652]iTunesHelper.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2652]iTunesHelper.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2652]iTunesHelper.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2652]iTunesHelper.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2652]iTunesHelper.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2652]iTunesHelper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2652]iTunesHelper.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94B0D2-->00000000 [guard32.dll]
[2652]iTunesHelper.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94C2C0-->00000000 [guard32.dll]
[2676]ctfmon.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2676]ctfmon.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2676]ctfmon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2676]ctfmon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2676]ctfmon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2676]ctfmon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2676]ctfmon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2676]ctfmon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2676]ctfmon.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2676]ctfmon.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2676]ctfmon.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2676]ctfmon.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2676]ctfmon.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2676]ctfmon.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2676]ctfmon.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2676]ctfmon.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2676]ctfmon.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2676]ctfmon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2676]ctfmon.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2676]ctfmon.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2676]ctfmon.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2676]ctfmon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2676]ctfmon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2676]ctfmon.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2676]ctfmon.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2676]ctfmon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2676]ctfmon.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2676]ctfmon.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2676]ctfmon.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2676]ctfmon.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2676]ctfmon.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2676]ctfmon.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2676]ctfmon.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2676]ctfmon.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2676]ctfmon.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2676]ctfmon.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2676]ctfmon.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2676]ctfmon.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[2676]ctfmon.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[2676]ctfmon.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[2676]ctfmon.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[2676]ctfmon.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2884]jumi.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2884]jumi.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2884]jumi.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2884]jumi.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2884]jumi.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2884]jumi.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2884]jumi.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2884]jumi.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2884]jumi.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2884]jumi.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2884]jumi.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2884]jumi.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2884]jumi.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2884]jumi.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2884]jumi.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2884]jumi.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2884]jumi.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2884]jumi.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2884]jumi.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2884]jumi.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2884]jumi.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2884]jumi.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2884]jumi.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2884]jumi.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2884]jumi.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2884]jumi.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2884]jumi.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2884]jumi.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2884]jumi.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2884]jumi.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2884]jumi.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2884]jumi.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2884]jumi.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2884]jumi.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2884]jumi.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2884]jumi.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2884]jumi.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2884]jumi.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[2884]jumi.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[2884]jumi.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[2884]jumi.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[2884]jumi.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2884]jumi.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94B0D2-->00000000 [guard32.dll]
[2884]jumi.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94C2C0-->00000000 [guard32.dll]
[2884]jumi.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[2884]jumi.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[2884]jumi.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[2884]jumi.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[3040]explorer.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[3040]explorer.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[3040]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[3040]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[3040]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[3040]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[3040]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[3040]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[3040]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3040]explorer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[3040]explorer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[3040]explorer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[3040]explorer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[3040]explorer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[3040]explorer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[3040]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3040]explorer.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[3040]explorer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[3040]explorer.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[3040]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[3040]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[3040]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[3040]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[3040]explorer.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[3040]explorer.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
quazzer

Re: corrupt system restore + virus scanner not detecting

Post by quazzer » July 26th, 2010, 5:04 pm

[3040]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[3040]explorer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[3040]explorer.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3040]explorer.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3040]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3040]explorer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3040]explorer.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3040]explorer.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3040]explorer.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3040]explorer.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3040]explorer.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3040]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3040]explorer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3040]explorer.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3040]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3040]explorer.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3040]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3040]explorer.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[3040]explorer.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[3040]explorer.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[3040]explorer.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[3040]explorer.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[3040]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3040]explorer.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94B0D2-->00000000 [guard32.dll]
[3040]explorer.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94C2C0-->00000000 [guard32.dll]
[3040]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
[3040]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[316]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[316]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[316]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[316]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[316]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[316]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[316]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[316]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[316]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[316]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[316]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[316]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[316]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[316]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[316]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[316]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[316]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[316]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[316]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[316]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[316]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[316]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[316]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[316]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[316]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[316]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[316]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[316]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[316]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[316]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[316]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[316]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[316]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[316]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[316]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[316]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[316]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[316]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[316]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[316]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[316]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[316]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[3420]dllhost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[3420]dllhost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[3420]dllhost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[3420]dllhost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[3420]dllhost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[3420]dllhost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[3420]dllhost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[3420]dllhost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[3420]dllhost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[3420]dllhost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[3420]dllhost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[3420]dllhost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[3420]dllhost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[3420]dllhost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[3420]dllhost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[3420]dllhost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[3420]dllhost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[3420]dllhost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[3420]dllhost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[3420]dllhost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[3420]dllhost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[3420]dllhost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[3420]dllhost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[3420]dllhost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3420]dllhost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3420]dllhost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3420]dllhost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3420]dllhost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3420]dllhost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3420]dllhost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3420]dllhost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3420]dllhost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3420]dllhost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3420]dllhost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3420]dllhost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3420]dllhost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3420]dllhost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3420]dllhost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[3420]dllhost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[3420]dllhost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[3420]dllhost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[3420]dllhost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[364]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[364]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[364]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[364]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[364]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[364]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[364]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[364]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[3976]OEdmn_6.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[3976]OEdmn_6.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94B0D2-->00000000 [guard32.dll]
[3976]OEdmn_6.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94C2C0-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[400]mDNSResponder.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[400]mDNSResponder.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[400]mDNSResponder.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[400]mDNSResponder.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[400]mDNSResponder.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[400]mDNSResponder.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[400]mDNSResponder.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[400]mDNSResponder.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[400]mDNSResponder.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[400]mDNSResponder.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[400]mDNSResponder.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[400]mDNSResponder.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[400]mDNSResponder.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[400]mDNSResponder.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[448]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[448]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[448]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[448]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[448]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[448]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[448]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[448]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[448]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[448]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[448]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[448]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[448]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[448]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[448]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[448]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[448]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[448]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[448]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[448]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[448]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[448]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[448]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[448]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[448]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[448]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[448]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[448]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[448]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[448]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[448]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[448]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[448]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[448]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[448]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[448]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[448]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[448]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[448]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[448]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[448]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[448]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[620]firefox.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[620]firefox.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[620]firefox.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[620]firefox.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[620]firefox.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[620]firefox.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[620]firefox.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[620]firefox.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[620]firefox.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[620]firefox.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[620]firefox.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[620]firefox.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]

Post by quazzer » July 26th, 2010, 5:04 pm

[620]firefox.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[620]firefox.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[620]firefox.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[620]firefox.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[620]firefox.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[620]firefox.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[620]firefox.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[620]firefox.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[620]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[620]firefox.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[620]firefox.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[620]firefox.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[620]firefox.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[620]firefox.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[620]firefox.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[620]firefox.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[620]firefox.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[620]firefox.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[620]firefox.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[620]firefox.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[756]MMERefresh.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[756]MMERefresh.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[756]MMERefresh.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[756]MMERefresh.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[756]MMERefresh.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[756]MMERefresh.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[756]MMERefresh.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[756]MMERefresh.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[756]MMERefresh.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[756]MMERefresh.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[756]MMERefresh.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[756]MMERefresh.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[756]MMERefresh.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[756]MMERefresh.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[756]MMERefresh.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[756]MMERefresh.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[756]MMERefresh.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[756]MMERefresh.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[756]MMERefresh.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[756]MMERefresh.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[756]MMERefresh.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[756]MMERefresh.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[756]MMERefresh.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[756]MMERefresh.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[756]MMERefresh.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[756]MMERefresh.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[756]MMERefresh.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[756]MMERefresh.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[756]MMERefresh.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[756]MMERefresh.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[756]MMERefresh.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[756]MMERefresh.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[756]MMERefresh.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[756]MMERefresh.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[756]MMERefresh.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[756]MMERefresh.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[756]MMERefresh.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[756]MMERefresh.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[828]ehrecvr.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[828]ehrecvr.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[828]ehrecvr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[828]ehrecvr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[828]ehrecvr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[828]ehrecvr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[828]ehrecvr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[828]ehrecvr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[828]ehrecvr.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[828]ehrecvr.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[828]ehrecvr.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[828]ehrecvr.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[828]ehrecvr.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[828]ehrecvr.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[828]ehrecvr.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[828]ehrecvr.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[828]ehrecvr.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[828]ehrecvr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[828]ehrecvr.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[828]ehrecvr.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[828]ehrecvr.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[828]ehrecvr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[828]ehrecvr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[828]ehrecvr.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[828]ehrecvr.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[828]ehrecvr.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[828]ehrecvr.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[828]ehrecvr.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[828]ehrecvr.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[828]ehrecvr.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[828]ehrecvr.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[828]ehrecvr.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[828]ehrecvr.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[828]ehrecvr.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[828]ehrecvr.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[828]ehrecvr.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[828]ehrecvr.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[828]ehrecvr.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[836]sprtsvc.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[836]sprtsvc.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[836]sprtsvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[836]sprtsvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[836]sprtsvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[836]sprtsvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[836]sprtsvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[836]sprtsvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[836]sprtsvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[836]sprtsvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[836]sprtsvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[836]sprtsvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[836]sprtsvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[836]sprtsvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[836]sprtsvc.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[836]sprtsvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[836]sprtsvc.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[836]sprtsvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[836]sprtsvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[836]sprtsvc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[836]sprtsvc.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[836]sprtsvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[836]sprtsvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[836]sprtsvc.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[836]sprtsvc.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[836]sprtsvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[836]sprtsvc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[836]sprtsvc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[836]sprtsvc.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[836]sprtsvc.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[836]sprtsvc.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[836]sprtsvc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[836]sprtsvc.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[836]sprtsvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[836]sprtsvc.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[836]sprtsvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[836]sprtsvc.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[836]sprtsvc.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[836]sprtsvc.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[836]sprtsvc.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[836]sprtsvc.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[836]sprtsvc.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[836]sprtsvc.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94B0D2-->00000000 [guard32.dll]
[836]sprtsvc.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94C2C0-->00000000 [guard32.dll]
[872]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[872]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[872]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[872]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[872]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[872]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[872]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[872]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[872]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[872]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[872]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[872]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[872]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[872]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[872]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[872]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[872]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[872]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[872]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[872]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[872]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[872]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[872]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[872]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[872]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[872]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[872]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[872]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[872]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[872]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[872]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[872]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[872]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[872]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[872]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[872]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[872]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[872]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[872]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[872]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[872]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[872]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[880]ehSched.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[880]ehSched.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[880]ehSched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[880]ehSched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[880]ehSched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[880]ehSched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[880]ehSched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[880]ehSched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[880]ehSched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[880]ehSched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[880]ehSched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[880]ehSched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[880]ehSched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[880]ehSched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[880]ehSched.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[880]ehSched.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[880]ehSched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[880]ehSched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[880]ehSched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[880]ehSched.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[880]ehSched.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[880]ehSched.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[880]ehSched.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[880]ehSched.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[880]ehSched.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[880]ehSched.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
quazzer
Regular Member
 
Posts: 76
Joined: January 21st, 2007, 3:49 pm
Location: South West

Re: corrupt system restore + virus scanner not detecting

by deltalima » July 26th, 2010, 5:19 pm

Hi quazzer,

You have a large amount of expensive Adobe software installed and you have host file entries, for example

127.0.0.1 activate.adobe.com

that would prevent the Adobe software from connecting to the Internet to check to validate the license.

I have already explained the forum policy with respect to unlicensed software.

Could you please explain the reason for the host file entries?
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: corrupt system restore + virus scanner not detecting

by quazzer » July 26th, 2010, 5:36 pm

I'm not sure why that is. It isn't a cracked version, possibly a trial, but if you cannot go on helping me then I will understand.
quazzer
Regular Member
 
Posts: 76
Joined: January 21st, 2007, 3:49 pm
Location: South West

Re: corrupt system restore + virus scanner not detecting

by deltalima » July 26th, 2010, 5:45 pm

Hi quazzer,

"It isn't a cracked version possibly a trial"

Unless you can confirm the license status of the software then we cannot continue. I am glad that you understand.

I will have this thread closed.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: corrupt system restore + virus scanner not detecting

by quazzer » July 26th, 2010, 6:00 pm

OK, I think you will have to close the thread. I am sorry for any inconvenience and I will next time adhere to the forum's policy once I have checked my system thoroughly.
quazzer
Regular Member
 
Posts: 76
Joined: January 21st, 2007, 3:49 pm
Location: South West

Re: corrupt system restore + virus scanner not detecting

by Gary R » July 27th, 2010, 3:50 am

This forum does not support the use of cracked or pirated software.

This topic is closed.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire