by justin234 » August 6th, 2010, 4:12 pm
Hi Deltalima,
My father is very ill and I have to be gone for another week. I'm sorry about the delay. Thank you for being so patient. I am not sure about the questions you asked; I wasn't paying attention. I just ran the scan in the morning now that I am overly cautious. Here is the latest RKU.
Justin
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4247552 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 52.16 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7232000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1466368 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 52.16 )
0xF6EF7000 C:\WINDOWS\system32\drivers\P16X.sys 1331200 bytes (Creative Technology Ltd., WDM Audio Miniport)
0xF70C8000 C:\WINDOWS\System32\DRIVERS\HSF_DP.sys 1093632 bytes (Conexant Systems, HSF_DP driver)
0xF7494000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF703C000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 573440 bytes (Conexant Systems, WinACHSF driver)
0xF51EE000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6D60000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF73F1000 mfehidk.sys 376832 bytes (McAfee, Inc., McAfee Link Driver)
0xF5322000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF3403000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF29E5000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF540D000 C:\WINDOWS\System32\Drivers\cdudf_xp.SYS 241664 bytes (Roxio, CD-UDF NT Filesystem Driver)
0xF53A0000 C:\WINDOWS\System32\Drivers\UdfReadr_xp.SYS 208896 bytes (Roxio, CD-UDF NT Filesystem Reader Driver)
0xF75A0000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF3572000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7467000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF6E84000 C:\WINDOWS\System32\DRIVERS\ctoss2k.sys 180224 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xEE2D7000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF5286000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF52D3000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF71D3000 C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys 159744 bytes (Conexant Systems, HSF_HWB2 WDM driver)
0xF52FB000 C:\WINDOWS\System32\Drivers\Mpfp.sys 159744 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xF51C8000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xEF17F000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6EB0000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF71FA000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6E41000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 143360 bytes (Intel Corporation, NDIS 5 driver)
0xF6ED4000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF52B1000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF6E64000 C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys 131072 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
0xF7538000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7570000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF6E0E000 C:\WINDOWS\System32\Drivers\pwd_2k.SYS 126976 bytes (Roxio, Win2000 Framework for Packet Write Driver)
0xF744D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7558000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF51B0000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7521000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6DCF000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF2D36000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6E2D000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF721E000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF537B000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF2A76000 C:\WINDOWS\system32\drivers\mfeavfk.sys 73728 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xF758F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6DBE000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF775F000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF77CF000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF77BF000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF779F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF77DF000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF2F83000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF785F000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF762F000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF77AF000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF77FF000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF760F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF781F000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF764F000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF76CF000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF77EF000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF75FF000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF780F000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75EF000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF784F000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF783F000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF761F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF778F000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF768F000 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xF2ECB000 C:\WINDOWS\system32\drivers\mfesmfk.sys 36864 bytes (McAfee, Inc., System Monitor Filter Driver)
0xF782F000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF769F000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF27F5000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF763F000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF76DF000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF78FF000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF796F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF78F7000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7907000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF79AF000 C:\WINDOWS\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xF79EF000 C:\WINDOWS\system32\drivers\mferkdk.sys 28672 bytes (McAfee, Inc., VSCore Code Analysis Driver)
0xF786F000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF790F000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF793F000 C:\WINDOWS\System32\Drivers\mmc_2K.SYS 24576 bytes (Roxio, CD-R/RW AddOn MMC Driver (W2K))
0xF7917000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF78EF000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF795F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF794F000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7967000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7937000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF7877000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7927000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF792F000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF791F000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF79DF000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7ADB000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7AB7000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF4003000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7A9F000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF79FF000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7AA7000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7A9B000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF7AEB000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF346E000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7AAF000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF73A4000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7398000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7B1B000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B8B000 C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 8192 bytes (Gteko Ltd., Process Trigger Driver)
0xF7B0B000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0xF7BA9000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B19000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7AEF000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B1D000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B09000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7B47000 C:\WINDOWS\System32\PfModNT.sys 8192 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xF7B1F000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B11000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B17000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7AF1000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7BBA000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C1F000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xF7C20000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xF7C50000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C21000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BB7000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x03EC0000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x8305A588 ] PID: 896, 28672 bytes
0x03E40000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x8305A588 ] PID: 896, 45056 bytes
0x02E00000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x8305A588 ] PID: 896, 77824 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA
!-->[Hidden] C:\Documents and Settings\Ron\Cookies\ron@ad.wsod[2].txt
!-->[Hidden] C:\Documents and Settings\Ron\Cookies\ron@questionmarket[2].txt
!-->[Hidden] C:\Documents and Settings\Ron\Cookies\ron@ytsa[2].txt
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\1281119970__;10,1,53,64;1024;768;http%3A_@2F_@2Ffinance.yahoo[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\bg-chevron[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\bg-tglow-sprite[1].png
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\bg[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA13O479
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA1OT8FN
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA44OHE1
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA4T0DXA
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA5W0EZT
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA71Z3GV
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA7GBSH3
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA81W98V
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA8HH5ZE
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA91YJCR
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAACOB3K
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAAHC49B
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CABC1SA3
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CABL936V
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAC7J2MP
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CACIVJFX
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAD11CNF
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAEFL9WQ
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAEQZHVH
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAEVMQON
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAF1K4CD
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAGVSS7Y
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAH1MYI8
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CALNYR2D
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CALQN82R
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAM9ULFI
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAMF89UL
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAOW3D0H
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAP3QC45
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAPY88FA
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAQZAHCR
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CASL1D0P
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAT8Q9WD
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CATKPM2K
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAW1GFY6
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAXFRJ0Q
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAZ1BH4P
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAZ1YSCS
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\combo[7]
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\ET_LogoTextPO_No_120x30[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\FreeShipping79_large[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\imp[4]
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\imp[5]
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\nav_r4_c11[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\nav_r4_c2[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\spacer50[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\st[1]
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\yfi_pf_top[1].js
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\1281120153__;10,1,53,64;1024;768;http%3A_@2F_@2Ffinance.yahoo[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\1[3].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\200x33_7_dNL[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\52[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\b[2].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\b[3].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\CAFPVGU8
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\finance_yahoo_com[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\imp[1]
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\nav_r1_c1[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\nav_r4_c13[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\nav_r4_c4[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\rates_tabs_sprite[1].png
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\RSBCAJ8ZZ2ZCAQALCW2CA1YKKUGCAUGUOZUCAB3TNFHCASD5BE5CA0O6YD5CAWQMA7ACA21O4Z9CACPDG2FCA5MGXB2CAMRQLV8CA1UVU9ACANDHSJ9CAW81RYRCABWHGY9CAJ5M9JTCABL16SGCAU3TTXJCASFCDY9
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\SI5CAJ4ZQSICAHVTO3DCAQ271L8CAMS161XCAUY9RRECAFMCWJ9CA1S4QMTCAUJZD05CA0S7M14CA0TI8ZRCAMT1ZMSCAEVRCT7CAUJNCEZCAI2HIVPCAAX80CUCAWYA0R2CAXY8I1NCA8GSKL4CADPPA15CAB3ALAO
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\wbk3F4.tmp
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\_;ord=0[3].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\_;ord=1289059055747[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\3e913b13daf0b603e10f11fafbbcc0b3[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\69[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\button[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\bw_124x40-01[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\consumer_reports_135x40[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\icon-wallstreet[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\image;size=239x110[2].png
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\imp[3]
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\nav_r2_c1[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\nav_r3_c1[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\nav_r4_c7[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\running-life[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\bg-tglow-base-white[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\button[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\b[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\b[2].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\ET_TradeFree_60Days_120x30[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\fmr[3].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\headline[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\icon-motley[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\iframe3[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\market_watch_96x27[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\nav_r2_c14[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\nav_r4_c6[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\200x33_7_cNL[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\35ef734d6dd96e724badd9b5f4352055[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\bg_doc_blue[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\bg_view_more[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\dot[3].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\facebook-share-iframe[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\image;size=239x110[1].png
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\nav_r1_c3[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\nav_r2_c12[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\nav_r4_c15[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\nav_r4_c5[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\randm[1].js
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\1281119959648570[2].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\ad[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\GiftCard2[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\icon-kiplinger[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\ie7[1].css
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\nav_r2_c8[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\nav_r3_c8[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\nav_r4_c10[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\restserver[2].php
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\st[1]
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\tn48[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\visitor[2].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\_;ord=1285284897696[1]
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\_;ord=1285858579783[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\combo[1].css
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\Investors-Are-Still-Behaving-nytimes-811354384[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\july-jobs-data-turns-up-heat-on-democrats[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\MobileOffer[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\nav_r2_c3[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\nav_r3_c3[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\nav_r4_c9[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\restserver[2].php
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\script2[1].js
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\yfi_pf[1].css
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\yoga-life[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\_;ord=1281120162125011[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\68[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\b[4].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\b[5].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\content-bg[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\deposits_lol_300x100_20k_g_v2[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\facebook-share-iframe[3].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\golf-life[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\icon-cnnmoney[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\nav_r1_c8[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\nav_r2_c16[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\nav_r4_c1[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\st[2].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\temp\~DFCA0.tmp
!-->[Hidden] C:\Program Files\TeleChart\User\RTC\06\VQ.mqu
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateFile, Type: Inline - RelativeJump 0x8056CF98-->F7423CA6 [mfehidk.sys]
ntoskrnl.exe-->NtCreateKey, Type: Inline - RelativeJump 0x80570833-->F7423D3D [mfehidk.sys]
ntoskrnl.exe-->NtCreateProcess, Type: Inline - RelativeJump 0x805B14AC-->F7423C7C [mfehidk.sys]
ntoskrnl.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x8057FE4C-->F7423C90 [mfehidk.sys]
ntoskrnl.exe-->NtDeleteKey, Type: Inline - RelativeJump 0x80595316-->F7423D51 [mfehidk.sys]
ntoskrnl.exe-->NtDeleteValueKey, Type: Inline - RelativeJump 0x80592D64-->F7423D7D [mfehidk.sys]
ntoskrnl.exe-->NtEnumerateKey, Type: Inline - RelativeJump 0x80570F41-->F7423DEB [mfehidk.sys]
ntoskrnl.exe-->NtEnumerateValueKey, Type: Inline - RelativeJump 0x80589A67-->F7423DD5 [mfehidk.sys]
ntoskrnl.exe-->NtLoadKey2, Type: Inline - RelativeJump 0x805AECB8-->F7423E01 [mfehidk.sys]
ntoskrnl.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x80573D41-->F7423CE6 [mfehidk.sys]
ntoskrnl.exe-->NtOpenKey, Type: Inline - RelativeJump 0x80568D48-->F7423D29 [mfehidk.sys]
ntoskrnl.exe-->NtOpenProcess, Type: Inline - RelativeJump 0x805719AC-->F7423C18 [mfehidk.sys]
ntoskrnl.exe-->NtOpenThread, Type: Inline - RelativeJump 0x8058E5C4-->F7423C2C [mfehidk.sys]
ntoskrnl.exe-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x80571E96-->F7423CBA [mfehidk.sys]
ntoskrnl.exe-->NtQueryKey, Type: Inline - RelativeJump 0x80570C4A-->F7423E55 [mfehidk.sys]
ntoskrnl.exe-->NtQueryMultipleValueKey, Type: Inline - RelativeJump 0x8064E66B-->F7423DBF [mfehidk.sys]
ntoskrnl.exe-->NtQueryValueKey, Type: Inline - RelativeJump 0x8056A1F9-->F7423DA9 [mfehidk.sys]
ntoskrnl.exe-->NtRenameKey, Type: Inline - RelativeJump 0x8064EAEA-->F7423D67 [mfehidk.sys]
ntoskrnl.exe-->NtReplaceKey, Type: Inline - RelativeJump 0x8064F446-->F7423E41 [mfehidk.sys]
ntoskrnl.exe-->NtRestoreKey, Type: Inline - RelativeJump 0x8064EFDD-->F7423E2D [mfehidk.sys]
ntoskrnl.exe-->NtSetContextThread, Type: Inline - RelativeJump 0x8062E057-->F7423C68 [mfehidk.sys]
ntoskrnl.exe-->NtSetInformationProcess, Type: Inline - RelativeJump 0x8056DDD9-->F7423C54 [mfehidk.sys]
ntoskrnl.exe-->NtSetValueKey, Type: Inline - RelativeJump 0x80572A6E-->F7423D93 [mfehidk.sys]
ntoskrnl.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x805824CC-->F7423D15 [mfehidk.sys]
ntoskrnl.exe-->NtUnloadKey, Type: Inline - RelativeJump 0x8064DD32-->F7423E17 [mfehidk.sys]
ntoskrnl.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x805738C6-->F7423CFC [mfehidk.sys]
ntoskrnl.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x804F0EB6-->F7423CD0 [mfehidk.sys]
[1060]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1060]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D953081-->00000000 [unknown_code_page]
[1060]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D956F5A-->00000000 [unknown_code_page]
[1060]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D998439-->00000000 [unknown_code_page]
[1060]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D9536B1-->00000000 [unknown_code_page]
[1060]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1104]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1152]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1516]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1516]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1516]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1516]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1516]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1516]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1516]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1516]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1516]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D953081-->00000000 [unknown_code_page]
[1516]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D956F5A-->00000000 [unknown_code_page]
[1516]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D998439-->00000000 [unknown_code_page]
[1516]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D9536B1-->00000000 [unknown_code_page]
[1516]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1604]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1604]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[1604]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[1604]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[1604]iexplore.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1604]iexplore.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1604]iexplore.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1604]iexplore.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1604]iexplore.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1604]iexplore.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1604]iexplore.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1604]iexplore.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1604]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1604]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[1604]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[1604]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[1604]iexplore.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040111C-->00000000 [shimeng.dll]
[1604]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401060-->00000000 [aclayers.dll]
[1604]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010B8-->00000000 [aclayers.dll]
[1604]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x00401078-->00000000 [aclayers.dll]
[1604]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1604]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[1604]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[1604]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[1604]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1604]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[1604]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[1604]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[1604]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[1604]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[1604]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[1604]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[1604]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[1604]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1604]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[1604]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[1604]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[1604]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[1604]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[1604]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[1604]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[1604]iexplore.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D953081-->00000000 [unknown_code_page]
[1604]iexplore.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D956F5A-->00000000 [unknown_code_page]
[1604]iexplore.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D998439-->00000000 [unknown_code_page]
[1604]iexplore.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D9536B1-->00000000 [unknown_code_page]
[1604]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
[1604]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D931484-->00000000 [aclayers.dll]
[1604]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931418-->00000000 [aclayers.dll]
[1604]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D9313EC-->00000000 [aclayers.dll]
[1604]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[1604]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[1604]iexplore.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1652]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1848]McProxy.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [McProxy.exe]
[1848]McProxy.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [McProxy.exe]
[2464]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2464]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[2464]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[2464]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[2464]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[2464]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[2464]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[2464]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[2464]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[2464]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2464]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[2464]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[2464]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2464]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2464]explorer.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D953081-->00000000 [unknown_code_page]
[2464]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D956F5A-->00000000 [unknown_code_page]
[2464]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D998439-->00000000 [unknown_code_page]
[2464]explorer.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D9536B1-->00000000 [unknown_code_page]
[2464]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
[2464]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[2464]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[3432]AcroRd32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3432]AcroRd32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3432]AcroRd32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00404058-->00000000 [shimeng.dll]
[3432]AcroRd32.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00404050-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[3432]AcroRd32.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3432]AcroRd32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3432]AcroRd32.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
[3432]AcroRd32.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D931484-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931418-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D9313EC-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3432]AcroRd32.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[720]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[720]services.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[720]services.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[720]services.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[720]services.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[720]services.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[720]services.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[720]services.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[720]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[732]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[732]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[732]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[732]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[732]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[732]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[732]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[732]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[732]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[888]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[968]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]