Uhh... redirect from search engine results


  • This topic is locked
23 replies to this topic

#1 Trappnguns

Trappnguns

  • Members
  • 17 posts
  • OFFLINE
  • Local time:01:26 AM

Posted 02 October 2010 - 02:18 AM

In both IE7 and Firefox, when clicking on a link from a search I get redirected to another website. REDIRECT or JUMP shows up in "history" and the tabs. Common website names have GATHI. something or other. That is about the extent of what I know... ***EDIT*** Can't run GMER, PC reboots when attempting.




DDS (Ver_10-03-17.01) - NTFSx86
Run by Marcus at 23:04:07.90 on Fri 10/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.834 [GMT -8:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\Marcus\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mSearch Page =
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\windows\COUPON~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{4D40D801-09EF-20ED-2C69-C88C1F904D66}] "c:\documents and settings\marcus\application data\hezy\xoukt.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /install
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [Norton SystemWorks] "c:\program files\norton systemworks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01118A01-3E00-11D2-8470-0060089874ED} - hxxps://password.bellsouth.net/sdccommon/download/tgctlsr.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - hxxp://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4E330863-6A11-11D0-BFD8-006097237877} - hxxp://tw.msi.com.tw/autobios/client/iftwclix.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141998395961
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/activedata/SymAData.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxps://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: pohniu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marcus\applic~1\mozilla\firefox\profiles\foduqofk.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-9-25 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-9-25 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-9-25 59664]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-25 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-25 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-25 243024]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-9-25 233136]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-9-25 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-25 308136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-9-25 112592]
R2 nvTUNEP;MSI8928 nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [2004-10-13 65348]
R2 nvtvSND;MSI8928 nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [2004-10-13 18377]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-9-25 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-9-25 1141712]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-9-25 70408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-9-25 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S0 Cdr4vsd;Cdr4vsd; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-29 136176]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-2-18 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-2-8 59648]
S3 Inimpurucl;Inimpurucl; [x]
S3 MPCSYS;MPCSYS;c:\windows\system32\drivers\mpcsys.SYS [2004-10-13 15360]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]

=============== Created Last 30 ================

2010-09-29 19:19:27 0 d-----w- c:\program files\Bonjour
2010-09-26 01:12:41 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-09-26 01:12:41 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-09-26 01:12:40 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-09-25 23:33:13 882 ----a-w- c:\windows\RegSDImport.xml
2010-09-25 23:33:13 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-09-25 23:33:13 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-25 23:33:12 879 ----a-w- c:\windows\RegISSImport.xml
2010-09-25 23:33:12 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-09-25 23:33:12 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-09-25 23:33:12 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-25 23:33:12 131 ----a-w- c:\windows\IDB.zip
2010-09-25 23:33:12 1152444 ----a-w- c:\windows\UDB.zip
2010-09-25 23:33:11 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-09-25 23:33:02 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-09-25 23:33:02 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-25 23:32:49 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-25 23:32:49 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-09-25 23:32:49 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-09-25 23:32:49 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-25 23:32:30 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-09-25 23:32:30 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-25 23:31:58 0 d-----w- c:\program files\common files\PC Tools
2010-09-25 23:31:57 0 d-----w- c:\program files\Spyware Doctor
2010-09-25 23:31:57 0 d-----w- c:\docume~1\marcus\applic~1\PC Tools
2010-09-25 23:31:57 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-09-25 22:20:07 0 d--h--w- C:\$AVG
2010-09-25 21:57:11 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-25 21:57:08 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-25 21:57:01 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-25 21:56:53 0 d-----w- c:\windows\system32\drivers\Avg
2010-09-25 21:54:18 0 d-----w- c:\program files\AVG
2010-09-25 21:54:01 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-09-25 21:29:29 2133536 ----a-w- c:\program files\avg_free_stb_all_9_115_cnet.exe
2010-09-25 20:58:34 125 ----a-w- C:\ioSpecial.ini
2010-09-25 19:49:44 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-24 22:20:32 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-09-24 22:20:28 0 d-----w- c:\program files\IObit
2010-09-24 04:52:44 0 d-----w- c:\program files\EMCO
2010-09-24 02:53:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

==================== Find3M ====================

2010-10-01 21:37:01 403917 ----a-w- c:\program files\wfl-1.pdf
2010-09-30 22:37:31 59460 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-09-04 19:09:24 33632 ----a-w- c:\docume~1\marcus\applic~1\wklnhst.dat
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-28 02:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 02:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-28 02:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-28 02:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2009-03-22 22:52:51 5632 -csha-w- c:\program files\Thumbs.db
2008-03-04 18:47:09 0 -c--a-w- c:\program files\temp01
2005-03-07 00:01:43 20798256 -c--a-w- c:\program files\AdbeRdr70_enu_full.exe
2008-09-29 12:17:46 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920080930\index.dat

============= FINISH: 23:13:32.85 ===============

Edited by Trappnguns, 02 October 2010 - 11:53 AM.




#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:12:26 PM

Posted 07 October 2010 - 11:41 PM

Hi,
  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here. Also post the contents of both dds.txt & attach.txt.

Note** you may get this warning; it is ok, just ignore it:

Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Trappnguns

Trappnguns
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:01:26 AM

Posted 08 October 2010 - 09:20 AM

RKU report is attached. File was too large to copy and paste. The DDS and attach are from OCT 1st.

thanks for the help!!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Marcus at 23:04:07.90 on Fri 10/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.834 [GMT -8:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\Marcus\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mSearch Page =
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\windows\COUPON~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{4D40D801-09EF-20ED-2C69-C88C1F904D66}] "c:\documents and settings\marcus\application data\hezy\xoukt.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /install
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [Norton SystemWorks] "c:\program files\norton systemworks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01118A01-3E00-11D2-8470-0060089874ED} - hxxps://password.bellsouth.net/sdccommon/download/tgctlsr.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - hxxp://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4E330863-6A11-11D0-BFD8-006097237877} - hxxp://tw.msi.com.tw/autobios/client/iftwclix.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141998395961
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/activedata/SymAData.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxps://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: pohniu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marcus\applic~1\mozilla\firefox\profiles\foduqofk.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-9-25 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-9-25 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-9-25 59664]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-25 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-25 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-25 243024]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-9-25 233136]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-9-25 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-25 308136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-9-25 112592]
R2 nvTUNEP;MSI8928 nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [2004-10-13 65348]
R2 nvtvSND;MSI8928 nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [2004-10-13 18377]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-9-25 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-9-25 1141712]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-9-25 70408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-9-25 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S0 Cdr4vsd;Cdr4vsd; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-29 136176]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-2-18 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-2-8 59648]
S3 Inimpurucl;Inimpurucl; [x]
S3 MPCSYS;MPCSYS;c:\windows\system32\drivers\mpcsys.SYS [2004-10-13 15360]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]

=============== Created Last 30 ================

2010-09-29 19:19:27 0 d-----w- c:\program files\Bonjour
2010-09-26 01:12:41 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-09-26 01:12:41 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-09-26 01:12:40 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-09-25 23:33:13 882 ----a-w- c:\windows\RegSDImport.xml
2010-09-25 23:33:13 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-09-25 23:33:13 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-25 23:33:12 879 ----a-w- c:\windows\RegISSImport.xml
2010-09-25 23:33:12 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-09-25 23:33:12 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-09-25 23:33:12 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-25 23:33:12 131 ----a-w- c:\windows\IDB.zip
2010-09-25 23:33:12 1152444 ----a-w- c:\windows\UDB.zip
2010-09-25 23:33:11 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-09-25 23:33:02 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-09-25 23:33:02 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-25 23:32:49 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-25 23:32:49 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-09-25 23:32:49 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-09-25 23:32:49 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-25 23:32:30 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-09-25 23:32:30 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-25 23:31:58 0 d-----w- c:\program files\common files\PC Tools
2010-09-25 23:31:57 0 d-----w- c:\program files\Spyware Doctor
2010-09-25 23:31:57 0 d-----w- c:\docume~1\marcus\applic~1\PC Tools
2010-09-25 23:31:57 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-09-25 22:20:07 0 d--h--w- C:\$AVG
2010-09-25 21:57:11 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-25 21:57:08 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-25 21:57:01 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-25 21:56:53 0 d-----w- c:\windows\system32\drivers\Avg
2010-09-25 21:54:18 0 d-----w- c:\program files\AVG
2010-09-25 21:54:01 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-09-25 21:29:29 2133536 ----a-w- c:\program files\avg_free_stb_all_9_115_cnet.exe
2010-09-25 20:58:34 125 ----a-w- C:\ioSpecial.ini
2010-09-25 19:49:44 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-24 22:20:32 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-09-24 22:20:28 0 d-----w- c:\program files\IObit
2010-09-24 04:52:44 0 d-----w- c:\program files\EMCO
2010-09-24 02:53:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

==================== Find3M ====================

2010-10-01 21:37:01 403917 ----a-w- c:\program files\wfl-1.pdf
2010-09-30 22:37:31 59460 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-09-04 19:09:24 33632 ----a-w- c:\docume~1\marcus\applic~1\wklnhst.dat
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-28 02:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 02:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-28 02:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-28 02:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2009-03-22 22:52:51 5632 -csha-w- c:\program files\Thumbs.db
2008-03-04 18:47:09 0 -c--a-w- c:\program files\temp01
2005-03-07 00:01:43 20798256 -c--a-w- c:\program files\AdbeRdr70_enu_full.exe
2008-09-29 12:17:46 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920080930\index.dat

============= FINISH: 23:13:32.85 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/13/2004 10:15:27 PM
System Uptime: 10/1/2010 11:00:07 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | A7N8X-X
Processor: AMD Athlon™ XP 3200+ | Socket A | 2191/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 26.851 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP3: 7/4/2010 9:17:45 AM - System Checkpoint
RP4: 7/5/2010 10:09:03 AM - System Checkpoint
RP5: 7/6/2010 10:43:48 AM - System Checkpoint
RP6: 7/7/2010 10:44:27 AM - System Checkpoint
RP7: 7/8/2010 11:43:02 AM - System Checkpoint
RP8: 7/9/2010 12:43:01 PM - System Checkpoint
RP9: 7/10/2010 1:39:03 PM - System Checkpoint
RP10: 7/11/2010 2:55:55 PM - System Checkpoint
RP11: 7/12/2010 3:44:35 PM - System Checkpoint
RP12: 7/13/2010 4:08:40 PM - System Checkpoint
RP13: 7/13/2010 7:00:17 PM - Software Distribution Service 3.0
RP14: 7/14/2010 8:14:28 PM - System Checkpoint
RP15: 7/15/2010 8:34:00 PM - System Checkpoint
RP16: 7/16/2010 8:44:32 PM - System Checkpoint
RP17: 7/17/2010 9:25:32 PM - System Checkpoint
RP18: 7/18/2010 9:36:32 PM - System Checkpoint
RP19: 7/19/2010 10:31:00 PM - System Checkpoint
RP20: 7/20/2010 11:27:29 PM - System Checkpoint
RP21: 7/22/2010 12:22:02 AM - System Checkpoint
RP22: 7/23/2010 1:15:57 AM - System Checkpoint
RP23: 7/24/2010 2:11:30 AM - System Checkpoint
RP24: 7/25/2010 3:06:57 AM - System Checkpoint
RP25: 7/26/2010 4:02:08 AM - System Checkpoint
RP26: 7/27/2010 4:57:32 AM - System Checkpoint
RP27: 7/28/2010 5:53:01 AM - System Checkpoint
RP28: 7/29/2010 6:48:30 AM - System Checkpoint
RP29: 7/30/2010 7:59:53 AM - System Checkpoint
RP30: 7/31/2010 8:09:55 AM - System Checkpoint
RP31: 8/1/2010 8:35:12 AM - System Checkpoint
RP32: 8/2/2010 10:12:49 AM - System Checkpoint
RP33: 8/2/2010 7:00:23 PM - Software Distribution Service 3.0
RP34: 8/3/2010 7:24:08 PM - System Checkpoint
RP35: 8/4/2010 7:39:56 PM - System Checkpoint
RP36: 8/5/2010 8:38:38 PM - System Checkpoint
RP37: 8/6/2010 9:34:26 PM - System Checkpoint
RP38: 8/7/2010 10:06:55 PM - System Checkpoint
RP39: 8/8/2010 10:40:46 PM - System Checkpoint
RP40: 8/9/2010 11:35:27 PM - System Checkpoint
RP41: 8/11/2010 12:31:23 AM - System Checkpoint
RP42: 8/11/2010 7:00:21 PM - Software Distribution Service 3.0
RP43: 8/12/2010 8:46:46 PM - System Checkpoint
RP44: 8/13/2010 9:39:48 PM - System Checkpoint
RP45: 8/14/2010 10:33:23 PM - System Checkpoint
RP46: 8/15/2010 11:30:53 PM - System Checkpoint
RP47: 8/17/2010 12:25:35 AM - System Checkpoint
RP48: 8/18/2010 1:21:18 AM - System Checkpoint
RP49: 8/19/2010 2:15:31 AM - System Checkpoint
RP50: 8/20/2010 3:10:46 AM - System Checkpoint
RP51: 8/21/2010 4:06:13 AM - System Checkpoint
RP52: 8/22/2010 5:00:30 AM - System Checkpoint
RP53: 8/23/2010 5:53:50 AM - System Checkpoint
RP54: 8/24/2010 8:13:58 AM - System Checkpoint
RP55: 8/25/2010 8:43:38 AM - System Checkpoint
RP56: 8/26/2010 9:38:10 AM - System Checkpoint
RP57: 8/27/2010 10:32:52 AM - System Checkpoint
RP58: 8/28/2010 11:16:16 AM - System Checkpoint
RP59: 8/29/2010 11:23:13 AM - System Checkpoint
RP60: 8/30/2010 12:18:25 PM - System Checkpoint
RP61: 8/31/2010 2:14:06 PM - System Checkpoint
RP62: 9/1/2010 2:43:01 PM - System Checkpoint
RP63: 9/2/2010 3:03:48 PM - System Checkpoint
RP64: 9/3/2010 3:30:05 PM - System Checkpoint
RP65: 9/4/2010 3:32:46 PM - System Checkpoint
RP66: 9/5/2010 4:05:11 PM - System Checkpoint
RP67: 9/6/2010 5:04:52 PM - System Checkpoint
RP68: 9/7/2010 5:45:52 PM - System Checkpoint
RP69: 9/8/2010 6:40:19 PM - System Checkpoint
RP70: 9/9/2010 6:50:48 PM - System Checkpoint
RP71: 9/10/2010 7:44:39 PM - System Checkpoint
RP72: 9/11/2010 8:27:25 PM - System Checkpoint
RP73: 9/12/2010 8:54:29 PM - System Checkpoint
RP74: 9/13/2010 9:48:59 PM - System Checkpoint
RP75: 9/14/2010 10:43:41 PM - System Checkpoint
RP76: 9/15/2010 11:00:18 AM - Software Distribution Service 3.0
RP77: 9/16/2010 11:31:24 AM - System Checkpoint
RP78: 9/17/2010 12:26:50 PM - System Checkpoint
RP79: 9/18/2010 2:14:53 PM - System Checkpoint
RP80: 9/19/2010 3:29:39 PM - System Checkpoint
RP81: 9/20/2010 3:44:21 PM - System Checkpoint
RP82: 9/21/2010 4:15:14 PM - System Checkpoint
RP83: 9/22/2010 4:34:59 PM - System Checkpoint
RP84: 9/23/2010 3:56:21 PM - Installed Windows Defender
RP85: 9/23/2010 6:53:11 PM - avast! Free Antivirus Setup
RP86: 9/24/2010 7:18:55 PM - System Checkpoint
RP87: 9/25/2010 1:20:32 PM - Cleanup
RP88: 9/25/2010 1:54:01 PM - Installed AVG Free 9.0
RP89: 9/26/2010 8:11:53 AM - Avg Update
RP90: 9/26/2010 8:12:36 AM - Avg Update
RP91: 9/26/2010 8:11:12 PM - Installed Adobe Reader 8.2.0
RP92: 9/27/2010 8:29:10 PM - System Checkpoint
RP93: 9/28/2010 8:36:40 PM - System Checkpoint
RP94: 9/29/2010 7:00:20 PM - Software Distribution Service 3.0
RP95: 9/30/2010 7:09:28 PM - System Checkpoint
RP96: 10/1/2010 8:44:55 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
3D!Turbo Experience
4500_Help
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 8.2.0
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Bonjour
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
Browser Defender 2.0.6.15
BufferChm
Camera Driver
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CouponBar
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocMgr
DocProc
DocProcQFolder
Driver Installer
eSupportQFolder
Fax
Garmin Communicator Plugin
Garmin Trip and Waypoint Manager v5
Garmin USB Drivers
getPlus®_ocx
Google Earth Plug-in
Google Update Helper
GPBaseService
GPBaseService2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Document Manager 1.0
HP Imaging Device Functions 10.0
HP Memories Disc
HP Officejet J4500 Series
HP Photosmart Essential 2.5
HP Product Detection
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HPProductAssistant
iPod for Windows 2006-06-28
IrfanView (remove only)
iTunes
J4500
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 20
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
KhalInstallWrapper
LeapFrog Connect
LeapFrog Crammer Plugin
Logitech SetPoint
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 10
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Pro 10
Microsoft Digital Image Suite 10
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Project Professional 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.6.10)
MSVCSetup
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Suite
NVIDIA Drivers
NVIDIA WDM Drivers
NVIDIA Windows 2000/XP nForce Drivers
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
PowerDVD
ProductContext
PSSWCORE
QuickTime
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SmartWebPrintingOC
SolutionCenter
SPORE™
Spyware Doctor 7.0
Status
StorageSync Backup Software
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Crammer Plugin)
VideoToolkit01
VoiceOver Kit
WebFldrs XP
WebReg
Windows Defender
Windows Defender Signatures
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - OEM (mr97320) Image (04/20/2007 1.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Xvid Codec 1.1.3
Yahoo! Photos Easy Upload Tool 1v6

==== Event Viewer Messages From Past Week ========

9/29/2010 11:23:54 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/27/2010 1:45:11 PM, error: Service Control Manager [7034] - The Browser Defender Update Service service terminated unexpectedly. It has done this 1 time(s).
9/26/2010 8:13:39 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
9/25/2010 12:53:07 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
9/25/2010 12:51:47 PM, error: Service Control Manager [7031] - The Symantec AntiVirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
9/25/2010 12:44:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/25/2010 11:46:16 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/25/2010 11:46:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK7 aswSP aswTdi DumaNT eeCtrl Fips SAVRT SAVRTPEL SYMTDI
9/25/2010 11:46:02 AM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/25/2010 11:44:45 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
9/25/2010 11:44:45 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
9/25/2010 11:41:37 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
9/25/2010 11:41:04 AM, error: Service Control Manager [7000] - The WINBOND W55U01 USB service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================






#4 Trappnguns


Posted 08 October 2010 - 09:21 AM

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3743744 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 61.77 )
0xB9E3F000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2461696 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 61.77 )
0xBF3A4000 C:\WINDOWS\System32\NTOSKRNL.EXE 2191360 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB964D000 C:\WINDOWS\system32\drivers\nvmcp.sys 921600 bytes (NVIDIA Corporation, NVIDIA® nForce™ MCP APU Audio Library)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB822C000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB972E000 C:\WINDOWS\system32\drivers\nvapu.sys 417792 bytes (NVIDIA Corporation, NVIDIA® nForce™ Audio Driver)
0xB97BC000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB83D0000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB461E000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB81DD000 C:\WINDOWS\system32\DRIVERS\dumant.sys 323584 bytes (NVIDIA Corporation, DUMA NT Keyboard Filter)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB473D000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB8339000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xF7431000 PCTCore.sys 225280 bytes (PC Tools, PC Tools KDS Core Driver)
0xB8399000 C:\WINDOWS\system32\drivers\pctgntdi.sys 225280 bytes (PC Tools, PC Tools Generic TDI Driver)
0xB81A9000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB981A000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7588000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB5757000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7853000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB3329000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB82C4000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8311000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7492000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB8373000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB4B80000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9872000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xBA0CF000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xBA098000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB82EF000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF75B6000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74B8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB716F000 C:\WINDOWS\system32\DRIVERS\nvcap.sys 118784 bytes
0xF7839000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF747A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7880000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB985B000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB5A5A000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xBA0BB000 C:\WINDOWS\system32\DRIVERS\NVENET.sys 81920 bytes (NVIDIA Corporation, NVIDIA nForce MCP Networking Driver.)
0xB9E17000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9E2B000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB8429000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9896000 C:\WINDOWS\system32\DRIVERS\LMouKE.Sys 73728 bytes (Logitech, Inc., Logitech Filter Driver for Mouse Class.)
0xF7468000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB963C000 C:\WINDOWS\system32\drivers\nvarm.sys 69632 bytes (NVIDIA Corporation, NVIDIA® nForce™ APU Resource Manager)
0xF7577000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB984A000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF740F000 TfFsMon.sys 69632 bytes (PC Tools, ThreatFire Filesystem Monitor)
0xF7420000 TfSysMon.sys 69632 bytes (PC Tools, ThreatFire System Monitor)
0xBA214000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF76C7000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB9604000 C:\WINDOWS\system32\DRIVERS\nvtunep.sys 65536 bytes (NVIDIA Corporation, NVIDIA WDM TVTuner)
0xB489E000 C:\WINDOWS\system32\drivers\pctplsg.sys 65536 bytes (PC Tools, PC Tools SG Plugin Driver)
0xF76E7000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF74F7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76D7000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB7FFF000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA798000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7557000 C:\WINDOWS\system32\DRIVERS\L8042mou.Sys 57344 bytes (Logitech, Inc., Logitech PS/2 Mouse Filter Driver.)
0xF7697000 C:\WINDOWS\system32\drivers\nvax.sys 57344 bytes (NVIDIA Corporation, NVIDIA® nForce™ MCP Audio Enumerator)
0xF7637000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76F7000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF74E7000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB95F4000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA7C8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB362F000 C:\WINDOWS\system32\drivers\TfNetMon.sys 49152 bytes (PC Tools, ThreatFire Network Monitor)
0xBA254000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF74D7000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7687000 C:\WINDOWS\system32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA758000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB4C7C000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xBA7A8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF76B7000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA7B8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA264000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB48BE000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7647000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7677000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF77F7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7817000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF772F000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF77DF000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB80FE000 C:\Program Files\Spyware Doctor\PCTSDInj32.sys 28672 bytes
0xF77FF000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF781F000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7787000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF777F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77E7000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF77CF000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF77EF000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF77D7000 C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys 20480 bytes (NVIDIA Corporation, NVIDIA WDM TV Sound)
0xB98F2000 C:\WINDOWS\system32\DRIVERS\NVxbar.sys 20480 bytes (NVIDIA Corporation, NVIDIA WDM A/V Crossbar)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7797000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF779F000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF778F000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF780F000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xB98FA000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB573F000 C:\WINDOWS\System32\Drivers\Aspi32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xBA3C3000 C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys 16384 bytes (Logitech, Inc., Logitech PS2 Keyboard Filter Driver.)
0xF7937000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB8189000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF789B000 nv_agp.sys 16384 bytes (NVIDIA Corporation, NVIDIA nForce AGP Filter)
0xBA734000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA71C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA3BF000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xBA3BB000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB97B0000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF794B000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF79BD000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798B000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF79BB000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79BF000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79A7000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79C1000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79F1000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79F3000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A87000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA0F4000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A85000 C:\WINDOWS\system32\drivers\msmpu401.sys 4096 bytes (Microsoft Corporation, MPU401 Adapter Driver)
0xF7A54000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8A5C7AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x8A534DB0 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF747A000 WARNING: suspicious driver modification [atapi.sys::0x8A5C7AEA]
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\avg9\Chjw\dc6c88306c88078a\aaf67e0f-8d70-459c-a0cc-1096c1fd3c17
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\avg9\Chjw\dc6c88306c88078a\c1cbaf6d-a2a8-47f4-9208-a40200afdb1f
!-->[Hidden] C:\Documents and Settings\Marcus\Application Data\Mozilla\Firefox\Profiles\foduqofk.default\bookmarkbackups\bookmarks-2010-10-07.json
!-->[Hidden] C:\Documents and Settings\Marcus\Local Settings\Application Data\Mozilla\Firefox\Profiles\foduqofk.default\Cache\16B63A17d01
!-->[Hidden] C:\Documents and Settings\Marcus\Local Settings\Application Data\Mozilla\Firefox\Profiles\foduqofk.default\Cache\26BD96AFd01
!-->[Hidden] C:\Documents and Settings\Marcus\Local Settings\Application Data\Mozilla\Firefox\Profiles\foduqofk.default\Cache\D95BBB52d01
!-->[Hidden] C:\Program Files\Spyware Doctor\avdb\temp\TMP135.T-12ab\task.xml
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BABC, Type: Inline - RelativeJump 0x804E2ABC-->804E2B05 [ntoskrnl.exe]
[1008]svchost.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[1008]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[1008]svchost.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[1008]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[1008]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[1008]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[1008]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[1008]svchost.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[1008]svchost.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[1008]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - DirectJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1008]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - DirectJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - DirectJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1024]iTunesHelper.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - DirectJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[1060]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[1060]svchost.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[1060]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[1060]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[1060]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[1060]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[1060]svchost.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[1060]svchost.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[1060]svchost.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[1060]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - DirectJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1060]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - DirectJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1136]avgtray.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[1136]avgtray.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[1136]avgtray.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[1136]avgtray.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[1136]avgtray.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[1136]avgtray.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[1136]avgtray.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[1136]avgtray.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[1136]avgtray.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[1136]avgtray.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1136]avgtray.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1136]avgtray.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[1136]avgtray.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[1136]avgtray.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[1136]avgtray.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[1136]avgtray.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]


#5 Trappnguns

Trappnguns
  • Topic Starter

Posted 08 October 2010 - 09:25 AM

[1176]pctsTray.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll+0x000106F1, Type: Inline - PushRet 0x7C8106F1-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[1176]pctsTray.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[1228]avgchsvx.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[1236]avgrsx.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[132]jusched.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[132]jusched.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[132]jusched.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - DirectJump 0x3D95F3A4-->00000000 [unknown_code_page]
[132]jusched.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - DirectJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[1336]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[1336]svchost.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[1336]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[1336]svchost.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[1336]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[1336]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[1336]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]



[1336]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[1336]svchost.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[1336]svchost.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[1336]svchost.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[1352]SetPoint.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[1416]mDNSResponder.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[1416]mDNSResponder.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[1416]mDNSResponder.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[1416]mDNSResponder.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[1416]mDNSResponder.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[1416]mDNSResponder.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[1416]mDNSResponder.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[1416]mDNSResponder.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[1416]mDNSResponder.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[1416]mDNSResponder.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1416]mDNSResponder.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1416]mDNSResponder.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[1416]mDNSResponder.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[1416]mDNSResponder.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - DirectJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1612]hpqtra08.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - DirectJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1668]explorer.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[1668]explorer.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[1668]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1668]explorer.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1668]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[1668]explorer.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[1668]explorer.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[1668]explorer.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[1668]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1668]explorer.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[1668]explorer.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[1668]explorer.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[1668]explorer.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[1668]explorer.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[1668]explorer.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1668]explorer.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[1668]explorer.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[1668]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - DirectJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1668]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - DirectJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[1668]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1668]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[1692]BDTUpdateService.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1692]BDTUpdateService.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[2708]KHALMNPR.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - DirectJump 0x3D95F3A4-->00000000 [unknown_code_page]
[2716]avgnsx.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - DirectJump 0x3D9A6DDF-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[2904]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[2904]svchost.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[2904]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[2904]svchost.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[2904]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[2904]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[2904]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[2904]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[2904]svchost.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[2904]svchost.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[2904]svchost.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[3364]nvsvc32.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[3376]svchost.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]

#6 Trappnguns

Trappnguns
  • Topic Starter

  • Members
  • 17 posts

Posted 08 October 2010 - 09:27 AM

[3432]alg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[3432]alg.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[3432]alg.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[3432]alg.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[3432]alg.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[3432]alg.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[3432]alg.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[3432]alg.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[3432]alg.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[3432]alg.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[3432]alg.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[3432]alg.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[3468]sspipes.scr-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[3468]sspipes.scr-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[3468]sspipes.scr-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[3468]sspipes.scr-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[3468]sspipes.scr-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[3468]sspipes.scr-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[3468]sspipes.scr-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[3468]sspipes.scr-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[3468]sspipes.scr-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[3468]sspipes.scr-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[3468]sspipes.scr-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[3536]pctsSvc.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[3764]iPodService.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[3764]iPodService.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[3764]iPodService.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[3764]iPodService.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[3764]iPodService.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[3764]iPodService.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[3764]iPodService.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[3764]iPodService.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[3764]iPodService.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[3764]iPodService.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[3764]iPodService.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[3764]iPodService.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[3764]iPodService.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[3764]iPodService.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[3764]iPodService.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[3764]iPodService.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[3764]iPodService.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[3764]iPodService.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[3764]iPodService.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[3764]iPodService.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[3764]iPodService.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[3764]iPodService.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[3764]iPodService.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[3764]iPodService.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[3764]iPodService.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[3792]avgemc.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[3792]avgemc.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[3792]avgemc.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[3792]avgemc.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[3792]avgemc.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[3792]avgemc.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[3792]avgemc.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[3792]avgemc.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[3792]avgemc.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[3792]avgemc.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[3792]avgemc.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[3956]avgcsrvx.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[716]services.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[716]services.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[716]services.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[716]services.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[716]services.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[716]services.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[716]services.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[716]services.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[716]services.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[716]services.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[728]lsass.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[728]lsass.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[728]lsass.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[728]lsass.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[728]lsass.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[728]lsass.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[728]lsass.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[728]lsass.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[728]lsass.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[728]lsass.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->GetWindowTextW, Type: Inline - DirectJump 0x7E42A5CD-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->RegisterRawInputDevices, Type: Inline - DirectJump 0x7E46CE0E-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - DirectJump 0x7E431211-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - DirectJump 0x7E42820F-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->SetWindowTextA, Type: Inline - DirectJump 0x7E42F56B-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->SetWindowTextW, Type: Inline - DirectJump 0x7E42960E-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->SetWinEventHook, Type: Inline - DirectJump 0x7E4317F7-->00000000 [unknown_code_page]
[728]lsass.exe-->user32.dll-->ShowWindow, Type: Inline - DirectJump 0x7E42AF56-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->AdjustTokenPrivileges, Type: Inline - DirectJump 0x77DDF00C-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E37211-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E373A9-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->LookupPrivilegeValueA, Type: Inline - DirectJump 0x77DFC238-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->LookupPrivilegeValueW, Type: Inline - DirectJump 0x77DFB8DF-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->LsaRemoveAccountRights, Type: Inline - DirectJump 0x77E1AC91-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->OpenProcessToken, Type: Inline - DirectJump 0x77DD798B-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->OpenSCManagerA, Type: Inline - DirectJump 0x77DF69AE-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->OpenSCManagerW, Type: Inline - DirectJump 0x77DE6F55-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - DirectJump 0x77DFBCF3-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - DirectJump 0x77DDE9F4-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - DirectJump 0x77DD776C-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - DirectJump 0x77DFBA55-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - DirectJump 0x77DE42A0-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - DirectJump 0x77DE559B-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - DirectJump 0x77DDEFC8-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - DirectJump 0x77DD7852-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - DirectJump 0x77DD6AAF-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - DirectJump 0x77DD7946-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegQueryValueA, Type: Inline - DirectJump 0x77DFBB8D-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegQueryValueExA, Type: Inline - DirectJump 0x77DD7ABB-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegQueryValueExW, Type: Inline - DirectJump 0x77DD6FFF-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegQueryValueW, Type: Inline - DirectJump 0x77DDD87A-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - DirectJump 0x77DDEAE7-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - DirectJump 0x77DDD767-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - DirectJump 0x7C8286EE-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - DirectJump 0x7C85F39C-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - DirectJump 0x7C827B32-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - DirectJump 0x7C82F87B-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreateDirectoryA, Type: Inline - DirectJump 0x7C8217AC-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreateDirectoryW, Type: Inline - DirectJump 0x7C832402-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - DirectJump 0x7C801A28-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - DirectJump 0x7C810800-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump 0x7C80E9DF-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreateMutexW, Type: Inline - DirectJump 0x7C80E957-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C80236B-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802336-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - DirectJump 0x7C8104CC-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreateThread, Type: Inline - DirectJump 0x7C8106D7-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreateToolhelp32Snapshot, Type: Inline - DirectJump 0x7C865C7F-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->DebugActiveProcess, Type: Inline - DirectJump 0x7C85B0FB-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - DirectJump 0x7C831EDD-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - DirectJump 0x7C831F63-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->DeviceIoControl, Type: Inline - DirectJump 0x7C801629-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - DirectJump 0x7C80AE40-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->GetVolumeInformationA, Type: Inline - DirectJump 0x7C821BA5-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->GetVolumeInformationW, Type: Inline - DirectJump 0x7C80FA85-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - DirectJump 0x7C801D7B-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x7C801AF5-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - DirectJump 0x7C80AEEB-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->LoadResource, Type: Inline - DirectJump 0x7C80A055-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - DirectJump 0x7C835EBF-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - DirectJump 0x7C85E49B-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - DirectJump 0x7C83568B-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - DirectJump 0x7C821261-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->MultiByteToWideChar, Type: Inline - DirectJump 0x7C809C98-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->OpenMutexA, Type: Inline - DirectJump 0x7C80EABB-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->OpenMutexW, Type: Inline - DirectJump 0x7C80EA35-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - DirectJump 0x7C8309E9-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->SetThreadContext, Type: Inline - DirectJump 0x7C863C09-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->TerminateProcess, Type: Inline - DirectJump 0x7C801E1A-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->TerminateThread, Type: Inline - DirectJump 0x7C81CB3B-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - DirectJump 0x7C809AF1-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - DirectJump 0x7C801AD4-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - DirectJump 0x7C801A61-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->WideCharToMultiByte, Type: Inline - DirectJump 0x7C80A174-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - DirectJump 0x7C86250D-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->WriteFile, Type: Inline - DirectJump 0x7C810E27-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - DirectJump 0x7C802213-->00000000 [unknown_code_page]
[896]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - DirectJump 0x7C90D46E-->00000000 [unknown_code_page]
[896]svchost.exe-->ntdll.dll-->NtSuspendProcess, Type: Inline - DirectJump 0x7C90DE2E-->00000000 [unknown_code_page]
[896]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - DirectJump 0x7CA411A8-->00000000 [unknown_code_page]
[896]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - DirectJump 0x7CA40E7D-->00000000 [unknown_code_page]
[896]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - DirectJump 0x7CA0991B-->00000000 [unknown_code_page]
[896]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - DirectJump 0x7CAB5E68-->00000000 [unknown_code_page]
[896]svchost.exe-->shell32.dll-->Shell_NotifyIcon, Type: Inline - DirectJump 0x7CA28C16-->00000000 [unknown_code_page]
[896]svchost.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - DirectJump 0x7CA2A587-->00000000 [unknown_code_page]
[896]svchost.exe-->user32.dll-->CreateWindowExA, Type: Inline - DirectJump 0x7E42E4A9-->00000000 [unknown_code_page]
[896]svchost.exe-->user32.dll-->CreateWindowExW, Type: Inline - DirectJump 0x7E42D0A3-->00000000 [unknown_code_page]
[896]svchost.exe-->user32.dll-->DdeConnect, Type: Inline - DirectJump 0x7E4581C3-->00000000 [unknown_code_page]
[896]svchost.exe-->user32.dll-->DrawTextA, Type: Inline - DirectJump 0x7E43C702-->00000000 [unknown_code_page]
[896]svchost.exe-->user32.dll-->DrawTextW, Type: Inline - DirectJump 0x7E42D7E2-->00000000 [unknown_code_page]
[896]svchost.exe-->user32.dll-->EndTask, Type: Inline - DirectJump 0x7E45A0A5-->00000000 [unknown_code_page]
[896]svchost.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - DirectJump 0x7E42A78F-->00000000 [unknown_code_page]
[896]svchost.exe-->user32.dll-->GetKeyboardState, Type: Inline - DirectJump 0x7E42D226-->00000000 [unknown_code_page]
[896]svchost.exe-->user32.dll-->GetKeyState, Type: Inline - DirectJump 0x7E429ED9-->00000000 [unknown_code_page]
[896]svchost.exe-->user32.dll-->GetWindowTextA, Type: Inline - DirectJump 0x7E43216B-->00000000 [unknown_code_page]

#7 Trappnguns


Posted 08 October 2010 - 09:29 AM

Report from RKU wouldn't attach, too big. Pasted above in multiple sections.

#8 Blade81


Posted 08 October 2010 - 10:59 AM

Hi,

QUOTE
the DDS and attach are from OCT 1st.

If the system has been used after OCT 1st I'd like to see fresh logs, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#9 Trappnguns


Posted 08 October 2010 - 03:46 PM

This is the DDS.txt



DDS (Ver_10-03-17.01) - NTFSx86
Run by Marcus at 12:35:38.82 on Fri 10/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.613 [GMT -8:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marcus\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uWinlogon: Shell=c:\documents and settings\marcus\application data\hotfix.exe
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\windows\COUPON~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{4D40D801-09EF-20ED-2C69-C88C1F904D66}] "c:\documents and settings\marcus\application data\hezy\xoukt.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /install
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [Norton SystemWorks] "c:\program files\norton systemworks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01118A01-3E00-11D2-8470-0060089874ED} - hxxps://password.bellsouth.net/sdccommon/download/tgctlsr.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - hxxp://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4E330863-6A11-11D0-BFD8-006097237877} - hxxp://tw.msi.com.tw/autobios/client/iftwclix.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141998395961
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/activedata/SymAData.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxps://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: pohniu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marcus\applic~1\mozilla\firefox\profiles\foduqofk.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-9-25 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-9-25 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-9-25 59664]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-25 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-25 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-25 243024]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-9-25 233136]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-9-25 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-25 308136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-9-25 112592]
R2 nvTUNEP;MSI8928 nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [2004-10-13 65348]
R2 nvtvSND;MSI8928 nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [2004-10-13 18377]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-9-25 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-9-25 1141712]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-9-25 70408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-9-25 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S0 Cdr4vsd;Cdr4vsd; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-29 136176]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-2-18 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-2-8 59648]
S3 Inimpurucl;Inimpurucl; [x]
S3 MPCSYS;MPCSYS;c:\windows\system32\drivers\mpcsys.SYS [2004-10-13 15360]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
S4 WinDefend;Windows Defender Service;c:\program files\windows defender\MsMpEng.exe [2006-4-3 14032]
UnknownUnknown Normandy;Normandy; [x]

=============== Created Last 30 ================

2010-10-02 07:27:39 0 ----a-w- c:\documents and settings\marcus\defogger_reenable
2010-09-29 19:19:27 0 d-----w- c:\program files\Bonjour
2010-09-26 01:12:41 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-09-26 01:12:41 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-09-26 01:12:40 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-09-25 23:33:13 882 ----a-w- c:\windows\RegSDImport.xml
2010-09-25 23:33:13 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-09-25 23:33:13 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-25 23:33:12 879 ----a-w- c:\windows\RegISSImport.xml
2010-09-25 23:33:12 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-09-25 23:33:12 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-09-25 23:33:12 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-25 23:33:12 131 ----a-w- c:\windows\IDB.zip
2010-09-25 23:33:12 1152444 ----a-w- c:\windows\UDB.zip
2010-09-25 23:33:11 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-09-25 23:33:02 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-09-25 23:33:02 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-25 23:32:49 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-25 23:32:49 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-09-25 23:32:49 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-09-25 23:32:49 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-25 23:32:30 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-09-25 23:32:30 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-25 23:31:58 0 d-----w- c:\program files\common files\PC Tools
2010-09-25 23:31:57 0 d-----w- c:\program files\Spyware Doctor
2010-09-25 23:31:57 0 d-----w- c:\docume~1\marcus\applic~1\PC Tools
2010-09-25 23:31:57 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-09-25 22:20:07 0 d--h--w- C:\$AVG
2010-09-25 21:57:11 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-25 21:57:08 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-25 21:57:01 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-25 21:56:53 0 d-----w- c:\windows\system32\drivers\Avg
2010-09-25 21:54:18 0 d-----w- c:\program files\AVG
2010-09-25 21:54:01 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-09-25 21:29:29 2133536 ----a-w- c:\program files\avg_free_stb_all_9_115_cnet.exe
2010-09-25 20:58:34 125 ----a-w- C:\ioSpecial.ini
2010-09-25 19:49:44 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-24 22:20:32 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-09-24 22:20:28 0 d-----w- c:\program files\IObit
2010-09-24 04:52:44 0 d-----w- c:\program files\EMCO
2010-09-24 02:53:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

==================== Find3M ====================

2010-10-08 01:41:56 33782 ----a-w- c:\docume~1\marcus\applic~1\wklnhst.dat
2010-10-01 21:37:01 403917 ----a-w- c:\program files\wfl-1.pdf
2010-09-30 22:37:31 59460 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-28 02:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 02:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-28 02:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-28 02:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2009-03-22 22:52:51 5632 -csha-w- c:\program files\Thumbs.db
2008-03-04 18:47:09 0 -c--a-w- c:\program files\temp01
2005-03-07 00:01:43 20798256 -c--a-w- c:\program files\AdbeRdr70_enu_full.exe
2008-09-29 12:17:46 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920080930\index.dat

============= FINISH: 12:41:45.25 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/13/2004 10:15:27 PM
System Uptime: 10/7/2010 9:15:57 PM (15 hours ago)

Motherboard: ASUSTeK Computer INC. | | A7N8X-X
Processor: AMD Athlon™ XP 3200+ | Socket A | 2191/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 26.615 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP9: 7/10/2010 1:39:03 PM - System Checkpoint
RP10: 7/11/2010 2:55:55 PM - System Checkpoint
RP11: 7/12/2010 3:44:35 PM - System Checkpoint
RP12: 7/13/2010 4:08:40 PM - System Checkpoint
RP13: 7/13/2010 7:00:17 PM - Software Distribution Service 3.0
RP14: 7/14/2010 8:14:28 PM - System Checkpoint
RP15: 7/15/2010 8:34:00 PM - System Checkpoint
RP16: 7/16/2010 8:44:32 PM - System Checkpoint
RP17: 7/17/2010 9:25:32 PM - System Checkpoint
RP18: 7/18/2010 9:36:32 PM - System Checkpoint
RP19: 7/19/2010 10:31:00 PM - System Checkpoint
RP20: 7/20/2010 11:27:29 PM - System Checkpoint
RP21: 7/22/2010 12:22:02 AM - System Checkpoint
RP22: 7/23/2010 1:15:57 AM - System Checkpoint
RP23: 7/24/2010 2:11:30 AM - System Checkpoint
RP24: 7/25/2010 3:06:57 AM - System Checkpoint
RP25: 7/26/2010 4:02:08 AM - System Checkpoint
RP26: 7/27/2010 4:57:32 AM - System Checkpoint
RP27: 7/28/2010 5:53:01 AM - System Checkpoint
RP28: 7/29/2010 6:48:30 AM - System Checkpoint
RP29: 7/30/2010 7:59:53 AM - System Checkpoint
RP30: 7/31/2010 8:09:55 AM - System Checkpoint
RP31: 8/1/2010 8:35:12 AM - System Checkpoint
RP32: 8/2/2010 10:12:49 AM - System Checkpoint
RP33: 8/2/2010 7:00:23 PM - Software Distribution Service 3.0
RP34: 8/3/2010 7:24:08 PM - System Checkpoint
RP35: 8/4/2010 7:39:56 PM - System Checkpoint
RP36: 8/5/2010 8:38:38 PM - System Checkpoint
RP37: 8/6/2010 9:34:26 PM - System Checkpoint
RP38: 8/7/2010 10:06:55 PM - System Checkpoint
RP39: 8/8/2010 10:40:46 PM - System Checkpoint
RP40: 8/9/2010 11:35:27 PM - System Checkpoint
RP41: 8/11/2010 12:31:23 AM - System Checkpoint
RP42: 8/11/2010 7:00:21 PM - Software Distribution Service 3.0
RP43: 8/12/2010 8:46:46 PM - System Checkpoint
RP44: 8/13/2010 9:39:48 PM - System Checkpoint
RP45: 8/14/2010 10:33:23 PM - System Checkpoint
RP46: 8/15/2010 11:30:53 PM - System Checkpoint
RP47: 8/17/2010 12:25:35 AM - System Checkpoint
RP48: 8/18/2010 1:21:18 AM - System Checkpoint
RP49: 8/19/2010 2:15:31 AM - System Checkpoint
RP50: 8/20/2010 3:10:46 AM - System Checkpoint
RP51: 8/21/2010 4:06:13 AM - System Checkpoint
RP52: 8/22/2010 5:00:30 AM - System Checkpoint
RP53: 8/23/2010 5:53:50 AM - System Checkpoint
RP54: 8/24/2010 8:13:58 AM - System Checkpoint
RP55: 8/25/2010 8:43:38 AM - System Checkpoint
RP56: 8/26/2010 9:38:10 AM - System Checkpoint
RP57: 8/27/2010 10:32:52 AM - System Checkpoint
RP58: 8/28/2010 11:16:16 AM - System Checkpoint
RP59: 8/29/2010 11:23:13 AM - System Checkpoint
RP60: 8/30/2010 12:18:25 PM - System Checkpoint
RP61: 8/31/2010 2:14:06 PM - System Checkpoint
RP62: 9/1/2010 2:43:01 PM - System Checkpoint
RP63: 9/2/2010 3:03:48 PM - System Checkpoint
RP64: 9/3/2010 3:30:05 PM - System Checkpoint
RP65: 9/4/2010 3:32:46 PM - System Checkpoint
RP66: 9/5/2010 4:05:11 PM - System Checkpoint
RP67: 9/6/2010 5:04:52 PM - System Checkpoint
RP68: 9/7/2010 5:45:52 PM - System Checkpoint
RP69: 9/8/2010 6:40:19 PM - System Checkpoint
RP70: 9/9/2010 6:50:48 PM - System Checkpoint
RP71: 9/10/2010 7:44:39 PM - System Checkpoint
RP72: 9/11/2010 8:27:25 PM - System Checkpoint
RP73: 9/12/2010 8:54:29 PM - System Checkpoint
RP74: 9/13/2010 9:48:59 PM - System Checkpoint
RP75: 9/14/2010 10:43:41 PM - System Checkpoint
RP76: 9/15/2010 11:00:18 AM - Software Distribution Service 3.0
RP77: 9/16/2010 11:31:24 AM - System Checkpoint
RP78: 9/17/2010 12:26:50 PM - System Checkpoint
RP79: 9/18/2010 2:14:53 PM - System Checkpoint
RP80: 9/19/2010 3:29:39 PM - System Checkpoint
RP81: 9/20/2010 3:44:21 PM - System Checkpoint
RP82: 9/21/2010 4:15:14 PM - System Checkpoint
RP83: 9/22/2010 4:34:59 PM - System Checkpoint
RP84: 9/23/2010 3:56:21 PM - Installed Windows Defender
RP85: 9/23/2010 6:53:11 PM - avast! Free Antivirus Setup
RP86: 9/24/2010 7:18:55 PM - System Checkpoint
RP87: 9/25/2010 1:20:32 PM - Cleanup
RP88: 9/25/2010 1:54:01 PM - Installed AVG Free 9.0
RP89: 9/26/2010 8:11:53 AM - Avg Update
RP90: 9/26/2010 8:12:36 AM - Avg Update
RP91: 9/26/2010 8:11:12 PM - Installed Adobe Reader 8.2.0
RP92: 9/27/2010 8:29:10 PM - System Checkpoint
RP93: 9/28/2010 8:36:40 PM - System Checkpoint
RP94: 9/29/2010 7:00:20 PM - Software Distribution Service 3.0
RP95: 9/30/2010 7:09:28 PM - System Checkpoint
RP96: 10/1/2010 8:44:55 PM - System Checkpoint
RP97: 10/3/2010 9:43:22 AM - System Checkpoint
RP98: 10/4/2010 9:47:48 AM - Avg Update
RP99: 10/5/2010 10:31:37 AM - System Checkpoint
RP100: 10/6/2010 11:26:28 AM - System Checkpoint
RP101: 10/6/2010 7:00:19 PM - Software Distribution Service 3.0
RP102: 10/7/2010 7:00:19 PM - Software Distribution Service 3.0

==== Installed Programs ======================

32 Bit HP CIO Components Installer
3D!Turbo Experience
4500_Help
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 8.2.0
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Bonjour
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
Browser Defender 2.0.6.15
BufferChm
Camera Driver
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CouponBar
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocMgr
DocProc
DocProcQFolder
Driver Installer
eSupportQFolder
Fax
Garmin Communicator Plugin
Garmin Trip and Waypoint Manager v5
Garmin USB Drivers
getPlus®_ocx
Google Earth Plug-in
Google Update Helper
GPBaseService
GPBaseService2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Document Manager 1.0
HP Imaging Device Functions 10.0
HP Memories Disc
HP Officejet J4500 Series
HP Photosmart Essential 2.5
HP Product Detection
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HPProductAssistant
iPod for Windows 2006-06-28
IrfanView (remove only)
iTunes
J4500
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 20
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
KhalInstallWrapper
LeapFrog Connect
LeapFrog Crammer Plugin
Logitech SetPoint
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 10
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Pro 10
Microsoft Digital Image Suite 10
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Project Professional 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.6.10)
MSVCSetup
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Suite
NVIDIA Drivers
NVIDIA WDM Drivers
NVIDIA Windows 2000/XP nForce Drivers
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
PowerDVD
ProductContext
PSSWCORE
QuickTime
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SmartWebPrintingOC
SolutionCenter
SPORE™
Spyware Doctor 7.0
Status
StorageSync Backup Software
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Crammer Plugin)
VideoToolkit01
VoiceOver Kit
WebFldrs XP
WebReg
Windows Defender
Windows Defender Signatures
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - OEM (mr97320) Image (04/20/2007 1.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Xvid Codec 1.1.3
Yahoo! Photos Easy Upload Tool 1v6

==== Event Viewer Messages From Past Week ========

10/7/2010 5:39:23 PM, error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
10/7/2010 5:39:23 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
10/7/2010 5:39:23 PM, error: Service Control Manager [7034] - The Browser Defender Update Service service terminated unexpectedly. It has done this 1 time(s).
10/7/2010 5:39:23 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/4/2010 9:48:48 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
10/1/2010 11:04:12 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
10/1/2010 11:04:12 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
10/1/2010 11:03:59 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
10/1/2010 11:02:27 PM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/1/2010 11:02:27 PM, error: Service Control Manager [7000] - The WINBOND W55U01 USB service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================

#10 Blade81

Posted 08 October 2010 - 03:48 PM

Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#11 Trappnguns

Posted 08 October 2010 - 03:50 PM

I don't know how to ZIP, so I posted the logs. I have been using my PC since OCT 1st. The most recent change of issues is that yesterday it redirected to porntube and then a bunch of warnings came up from either AVG or spydoctor. I disconnected from the internet and plugged it back in after everything quit coming up. I will quit using this PC until we get the problem solved.

Thanks again

#12 Trappnguns

Posted 08 October 2010 - 04:26 PM

Downloaded combofix to the desktop, and read the tutorial. Attempted to run with no joy. I get the digital signature security alert, select run, and I do not get the blue C/ screen. I have disabled windows firewall, avg 9 (resident shield only), and pctools spy doctor. Restarted PC and tried combofix with the above results.

#13 Trappnguns

Posted 08 October 2010 - 11:43 PM

Combo fix is running now, had to rename to get it to run. Will post logs when run is complete. Thanks.

#14 Trappnguns

Posted 09 October 2010 - 12:21 AM

ComboFix 10-10-07.02 - Marcus 10/08/2010 21:05:46.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1015 [GMT -8:00]
Running from: c:\documents and settings\Marcus\Desktop\ComFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Marcus\Application Data\Hezy\xoukt.exe
c:\documents and settings\Marcus\Local Settings\Application Data\Windows Server
c:\documents and settings\Marcus\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Marcus\Local Settings\Application Data\Windows Server\uses32.dat
c:\documents and settings\Marcus\My Documents\DPE.DUS
c:\documents and settings\Marcus\Recent\Thumbs.db
c:\documents and settings\Marcus\System
c:\documents and settings\Marcus\System\win_qs7.jqx
C:\Thumbs.db
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\jestertb.dll
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-09-09 to 2010-10-09 )))))))))))))))))))))))))))))))
.

2010-10-04 17:47 . 2010-10-04 17:47 4100960 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-10-04 17:47 . 2010-10-04 17:47 4394336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-10-04 17:47 . 2010-10-04 17:47 2065760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-09-29 19:19 . 2010-09-29 19:20 -------- d-----w- c:\program files\Bonjour
2010-09-29 02:13 . 2010-09-29 02:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-09-27 22:08 . 2010-10-09 04:42 0 ----a-w- c:\documents and settings\Marcus\Local Settings\Application Data\prvlcl.dat
2010-09-26 16:12 . 2010-09-26 16:12 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-26 16:12 . 2010-09-26 16:12 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-26 16:12 . 2010-09-26 16:12 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-26 16:12 . 2010-09-26 16:12 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-09-26 16:12 . 2010-09-26 16:12 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-26 16:12 . 2010-09-26 16:12 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-26 16:12 . 2010-09-26 16:12 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-26 16:11 . 2010-09-26 16:11 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-09-26 05:11 . 2010-09-26 05:11 -------- d-----w- c:\documents and settings\Marcus\Local Settings\Application Data\Threat Expert
2010-09-26 01:12 . 2010-02-02 18:13 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-09-26 01:12 . 2010-02-02 18:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-09-26 01:12 . 2010-02-02 18:13 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-09-25 23:33 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-25 23:33 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-25 23:33 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-09-25 23:33 . 2009-10-28 09:36 1152444 ----a-w- c:\windows\UDB.zip
2010-09-25 23:33 . 2008-11-26 20:08 131 ----a-w- c:\windows\IDB.zip
2010-09-25 23:33 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-09-25 23:33 . 2010-02-05 17:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-25 23:32 . 2009-10-07 00:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-25 23:32 . 2009-09-24 00:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-25 23:32 . 2010-02-05 17:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-25 23:31 . 2010-09-25 23:33 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-25 23:31 . 2010-10-08 20:55 -------- d-----w- c:\program files\Spyware Doctor
2010-09-25 23:31 . 2010-09-26 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-25 23:31 . 2010-09-25 23:31 -------- d-----w- c:\documents and settings\Marcus\Application Data\PC Tools
2010-09-25 22:20 . 2010-09-25 22:20 -------- d-----w- C:\$AVG
2010-09-25 21:57 . 2010-09-25 21:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-25 21:57 . 2010-09-25 21:57 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-25 21:57 . 2010-09-25 21:57 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-25 21:56 . 2010-09-25 21:57 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-25 21:56 . 2010-10-09 01:58 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-25 21:54 . 2010-09-25 21:54 -------- d-----w- c:\program files\AVG
2010-09-25 21:54 . 2010-09-29 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-25 21:29 . 2010-09-25 21:36 2133536 ----a-w- c:\program files\avg_free_stb_all_9_115_cnet.exe
2010-09-25 19:49 . 2010-09-25 19:49 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-24 22:20 . 2010-09-24 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-09-24 22:20 . 2010-09-24 22:20 -------- d-----w- c:\program files\IObit
2010-09-24 04:52 . 2010-09-24 04:52 -------- d-----w- c:\program files\EMCO
2010-09-24 02:53 . 2010-09-24 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-23 23:56 . 2010-09-23 23:56 -------- d-----w- c:\program files\Windows Defender
2010-09-23 23:34 . 2010-09-23 23:34 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-12 15:35 . 2010-09-12 15:35 -------- d-----w- c:\program files\QuickTime
2010-09-12 15:28 . 2010-09-12 15:28 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-09 05:03 . 2008-02-29 00:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-10-08 01:41 . 2004-11-07 13:00 33782 ----a-w- c:\documents and settings\Marcus\Application Data\wklnhst.dat
2010-10-01 21:37 . 2010-10-01 21:36 403917 ----a-w- c:\program files\wfl-1.pdf
2010-10-01 14:38 . 2007-12-11 12:42 -------- d-----w- c:\program files\Coupons
2010-09-30 22:37 . 2009-11-06 21:50 59460 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-09-27 04:11 . 2004-10-14 08:08 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-25 21:22 . 2004-10-14 06:21 76320 -c--a-w- c:\documents and settings\Marcus\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-25 21:17 . 2005-11-04 12:47 -------- d-----w- c:\program files\Yahoo!
2010-09-25 21:15 . 2005-09-10 19:14 -------- d--h--r- c:\documents and settings\Marcus\Application Data\yahoo!
2010-09-25 21:15 . 2005-09-10 19:13 -------- d--h--r- c:\documents and settings\All Users\Application Data\yahoo!
2010-09-25 21:15 . 2006-03-02 19:14 -------- d-----w- c:\program files\Common Files\Scanner
2010-09-25 21:13 . 2006-10-10 18:31 -------- d-----w- c:\program files\GameHouse
2010-09-25 21:12 . 2009-03-06 12:49 -------- d-----w- c:\program files\Symantec
2010-09-25 21:12 . 2004-10-14 07:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-25 21:12 . 2009-03-06 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-09-25 21:12 . 2007-10-10 02:06 -------- d-----w- c:\program files\Symantec AntiVirus
2010-09-25 21:08 . 2008-09-21 17:17 -------- d-----w- c:\program files\MARS
2010-09-25 21:06 . 2008-04-15 14:44 -------- d-----w- c:\program files\Oberon Media
2010-09-25 20:59 . 2004-10-25 17:53 -------- d-----w- c:\program files\DesignPro
2010-09-25 20:58 . 2004-10-14 06:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-24 02:53 . 2009-01-22 16:36 -------- d-----w- c:\program files\Alwil Software
2010-09-16 22:55 . 2006-08-29 20:07 -------- d-----w- c:\program files\Google
2010-09-12 15:39 . 2010-03-20 19:05 -------- d-----w- c:\program files\iTunes
2010-09-12 15:38 . 2006-07-12 03:28 -------- d-----w- c:\program files\iPod
2010-09-12 15:38 . 2007-06-30 16:08 -------- d-----w- c:\program files\Common Files\Apple
2010-08-17 13:17 . 2004-08-04 01:07 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-07 19:17 . 2010-08-07 19:17 503808 ----a-w- c:\documents and settings\Marcus\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-515e6ec8-n\msvcp71.dll
2010-08-07 19:17 . 2010-08-07 19:17 499712 ----a-w- c:\documents and settings\Marcus\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-515e6ec8-n\jmc.dll
2010-08-07 19:17 . 2010-08-07 19:17 348160 ----a-w- c:\documents and settings\Marcus\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-515e6ec8-n\msvcr71.dll
2010-08-07 19:17 . 2010-08-07 19:17 61440 ----a-w- c:\documents and settings\Marcus\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63505a19-n\decora-sse.dll
2010-08-07 19:17 . 2010-08-07 19:17 12800 ----a-w- c:\documents and settings\Marcus\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63505a19-n\decora-d3d.dll
2010-07-28 02:44 . 2010-07-28 02:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 02:44 . 2010-07-28 02:44 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-28 02:44 . 2010-07-28 02:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-28 02:44 . 2010-07-28 02:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 15:49 . 2004-08-04 01:07 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-16 10:51 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2009-03-22 22:52 . 2008-12-25 19:12 5632 -csha-w- c:\program files\Thumbs.db
2008-03-04 18:47 . 2008-03-04 18:47 0 -c--a-w- c:\program files\temp01
2005-03-07 00:01 . 2005-03-06 23:48 20798256 -c--a-w- c:\program files\AdbeRdr70_enu_full.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
"NVCLOCK"="nvclock.dll" [2003-04-14 81920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]
"nwiz"="nwiz.exe" [2004-07-15 843776]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-04-04 777424]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-8-15 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-8-15 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-25 21:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 16:10 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/25/2010 3:32 PM 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [9/25/2010 5:12 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [9/25/2010 5:12 PM 59664]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/25/2010 1:57 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/25/2010 1:57 PM 243024]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [9/25/2010 3:33 PM 233136]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [9/25/2010 1:55 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/25/2010 1:55 PM 308136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [9/25/2010 3:33 PM 112592]
R2 nvTUNEP;MSI8928 nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [10/13/2004 10:38 PM 65348]
R2 nvtvSND;MSI8928 nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [10/13/2004 10:38 PM 18377]
S0 Cdr4vsd;Cdr4vsd; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/29/2010 7:42 PM 136176]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2/18/2008 1:14 PM 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2/8/2008 9:00 AM 59648]
S3 Inimpurucl;Inimpurucl; [x]
S3 MPCSYS;MPCSYS;c:\windows\system32\drivers\mpcsys.SYS [10/13/2004 10:56 PM 15360]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [9/25/2010 3:32 PM 70408]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/25/2010 3:32 PM 365280]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [9/25/2010 5:12 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 6:12 PM 14032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 03:42]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 03:42]

2010-10-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-04 00:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {01118A01-3E00-11D2-8470-0060089874ED} - hxxps://password.bellsouth.net/sdccommon/download/tgctlsr.cab
FF - ProfilePath - c:\documents and settings\Marcus\Application Data\Mozilla\Firefox\Profiles\foduqofk.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{4D40D801-09EF-20ED-2C69-C88C1F904D66} - c:\documents and settings\Marcus\Application Data\Hezy\xoukt.exe
HKU-Default-Run-Norton SystemWorks - c:\program files\Norton SystemWorks\cfgwiz.exe
Notify-NavLogon - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-583907252-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:94,17,81,7a,78,35,68,04,8d,69,cf,80,d9,fe,9a,6b,5b,c6,fa,7d,a1,
22,6f,0a,3c,e8,4c,17,7a,a3,20,c8,a6,60,4a,3f,8d,1f,ea,96,82,56,55,d0,35,a7,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(720)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-10-08 21:16:17
ComboFix-quarantined-files.txt 2010-10-09 05:16

Pre-Run: 28,452,589,568 bytes free
Post-Run: 29,167,009,792 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - FEB6F023E6B10248273C8ADE823CC9F7



DDS (Ver_10-03-17.01) - NTFSx86
Run by Marcus at 21:18:23.57 on Fri 10/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1008 [GMT -8:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Marcus\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /install
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01118A01-3E00-11D2-8470-0060089874ED} - hxxps://password.bellsouth.net/sdccommon/download/tgctlsr.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - hxxp://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4E330863-6A11-11D0-BFD8-006097237877} - hxxp://tw.msi.com.tw/autobios/client/iftwclix.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141998395961
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/activedata/SymAData.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxps://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marcus\applic~1\mozilla\firefox\profiles\foduqofk.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-9-25 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-9-25 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-9-25 59664]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-25 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-25 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-25 243024]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-9-25 233136]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-9-25 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-25 308136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-9-25 112592]
R2 nvTUNEP;MSI8928 nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [2004-10-13 65348]
R2 nvtvSND;MSI8928 nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [2004-10-13 18377]
S0 Cdr4vsd;Cdr4vsd; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-29 136176]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-2-18 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-2-8 59648]
S3 Inimpurucl;Inimpurucl; [x]
S3 MPCSYS;MPCSYS;c:\windows\system32\drivers\mpcsys.SYS [2004-10-13 15360]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-9-25 70408]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-9-25 365280]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-9-25 1141712]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-9-25 33552]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S4 WinDefend;Windows Defender Service;c:\program files\windows defender\MsMpEng.exe [2006-4-3 14032]

=============== Created Last 30 ================

2010-10-09 04:57:28 0 d-sha-r- C:\cmdcons
2010-10-09 04:43:00 98816 ----a-w- c:\windows\sed.exe
2010-10-09 04:43:00 77312 ----a-w- c:\windows\MBR.exe
2010-10-09 04:43:00 256512 ----a-w- c:\windows\PEV.exe
2010-10-09 04:43:00 161792 ----a-w- c:\windows\SWREG.exe
2010-10-09 04:42:41 0 d-----w- C:\ComFix
2010-10-02 07:27:39 0 ----a-w- c:\documents and settings\marcus\defogger_reenable
2010-09-29 19:19:27 0 d-----w- c:\program files\Bonjour
2010-09-26 01:12:41 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-09-26 01:12:41 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-09-26 01:12:40 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-09-25 23:33:13 882 ----a-w- c:\windows\RegSDImport.xml
2010-09-25 23:33:13 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-09-25 23:33:13 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-25 23:33:12 879 ----a-w- c:\windows\RegISSImport.xml
2010-09-25 23:33:12 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-09-25 23:33:12 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-09-25 23:33:12 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-25 23:33:12 131 ----a-w- c:\windows\IDB.zip
2010-09-25 23:33:12 1152444 ----a-w- c:\windows\UDB.zip
2010-09-25 23:33:11 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-09-25 23:33:02 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-09-25 23:33:02 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-25 23:32:49 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-25 23:32:49 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-09-25 23:32:49 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-09-25 23:32:49 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-25 23:32:30 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-09-25 23:32:30 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-25 23:31:58 0 d-----w- c:\program files\common files\PC Tools
2010-09-25 23:31:57 0 d-----w- c:\program files\Spyware Doctor
2010-09-25 23:31:57 0 d-----w- c:\docume~1\marcus\applic~1\PC Tools
2010-09-25 23:31:57 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-09-25 22:20:07 0 d-----w- C:\$AVG
2010-09-25 21:57:11 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-25 21:57:08 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-25 21:57:01 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-25 21:56:53 0 d-----w- c:\windows\system32\drivers\Avg
2010-09-25 21:54:18 0 d-----w- c:\program files\AVG
2010-09-25 21:54:01 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-09-25 21:29:29 2133536 ----a-w- c:\program files\avg_free_stb_all_9_115_cnet.exe
2010-09-25 20:58:34 125 ----a-w- C:\ioSpecial.ini
2010-09-25 19:49:44 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-24 22:20:32 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-09-24 22:20:28 0 d-----w- c:\program files\IObit
2010-09-24 04:52:44 0 d-----w- c:\program files\EMCO
2010-09-24 02:53:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

==================== Find3M ====================

2010-10-08 01:41:56 33782 ----a-w- c:\docume~1\marcus\applic~1\wklnhst.dat
2010-10-01 21:37:01 403917 ----a-w- c:\program files\wfl-1.pdf
2010-09-30 22:37:31 59460 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-28 02:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 02:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-28 02:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-28 02:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2009-03-22 22:52:51 5632 -csha-w- c:\program files\Thumbs.db
2008-03-04 18:47:09 0 -c--a-w- c:\program files\temp01
2005-03-07 00:01:43 20798256 -c--a-w- c:\program files\AdbeRdr70_enu_full.exe
2008-09-29 12:17:46 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920080930\index.dat

============= FINISH: 21:18:35.60 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/13/2004 10:15:27 PM
System Uptime: 10/8/2010 9:02:18 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | A7N8X-X
Processor: AMD Athlon™ XP 3200+ | Socket A | 2191/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 27.201 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP10: 7/11/2010 2:55:55 PM - System Checkpoint
RP11: 7/12/2010 3:44:35 PM - System Checkpoint
RP12: 7/13/2010 4:08:40 PM - System Checkpoint
RP13: 7/13/2010 7:00:17 PM - Software Distribution Service 3.0
RP14: 7/14/2010 8:14:28 PM - System Checkpoint
RP15: 7/15/2010 8:34:00 PM - System Checkpoint
RP16: 7/16/2010 8:44:32 PM - System Checkpoint
RP17: 7/17/2010 9:25:32 PM - System Checkpoint
RP18: 7/18/2010 9:36:32 PM - System Checkpoint
RP19: 7/19/2010 10:31:00 PM - System Checkpoint
RP20: 7/20/2010 11:27:29 PM - System Checkpoint
RP21: 7/22/2010 12:22:02 AM - System Checkpoint
RP22: 7/23/2010 1:15:57 AM - System Checkpoint
RP23: 7/24/2010 2:11:30 AM - System Checkpoint
RP24: 7/25/2010 3:06:57 AM - System Checkpoint
RP25: 7/26/2010 4:02:08 AM - System Checkpoint
RP26: 7/27/2010 4:57:32 AM - System Checkpoint
RP27: 7/28/2010 5:53:01 AM - System Checkpoint
RP28: 7/29/2010 6:48:30 AM - System Checkpoint
RP29: 7/30/2010 7:59:53 AM - System Checkpoint
RP30: 7/31/2010 8:09:55 AM - System Checkpoint
RP31: 8/1/2010 8:35:12 AM - System Checkpoint
RP32: 8/2/2010 10:12:49 AM - System Checkpoint
RP33: 8/2/2010 7:00:23 PM - Software Distribution Service 3.0
RP34: 8/3/2010 7:24:08 PM - System Checkpoint
RP35: 8/4/2010 7:39:56 PM - System Checkpoint
RP36: 8/5/2010 8:38:38 PM - System Checkpoint
RP37: 8/6/2010 9:34:26 PM - System Checkpoint
RP38: 8/7/2010 10:06:55 PM - System Checkpoint
RP39: 8/8/2010 10:40:46 PM - System Checkpoint
RP40: 8/9/2010 11:35:27 PM - System Checkpoint
RP41: 8/11/2010 12:31:23 AM - System Checkpoint
RP42: 8/11/2010 7:00:21 PM - Software Distribution Service 3.0
RP43: 8/12/2010 8:46:46 PM - System Checkpoint
RP44: 8/13/2010 9:39:48 PM - System Checkpoint
RP45: 8/14/2010 10:33:23 PM - System Checkpoint
RP46: 8/15/2010 11:30:53 PM - System Checkpoint
RP47: 8/17/2010 12:25:35 AM - System Checkpoint
RP48: 8/18/2010 1:21:18 AM - System Checkpoint
RP49: 8/19/2010 2:15:31 AM - System Checkpoint
RP50: 8/20/2010 3:10:46 AM - System Checkpoint
RP51: 8/21/2010 4:06:13 AM - System Checkpoint
RP52: 8/22/2010 5:00:30 AM - System Checkpoint
RP53: 8/23/2010 5:53:50 AM - System Checkpoint
RP54: 8/24/2010 8:13:58 AM - System Checkpoint
RP55: 8/25/2010 8:43:38 AM - System Checkpoint
RP56: 8/26/2010 9:38:10 AM - System Checkpoint
RP57: 8/27/2010 10:32:52 AM - System Checkpoint
RP58: 8/28/2010 11:16:16 AM - System Checkpoint
RP59: 8/29/2010 11:23:13 AM - System Checkpoint
RP60: 8/30/2010 12:18:25 PM - System Checkpoint
RP61: 8/31/2010 2:14:06 PM - System Checkpoint
RP62: 9/1/2010 2:43:01 PM - System Checkpoint
RP63: 9/2/2010 3:03:48 PM - System Checkpoint
RP64: 9/3/2010 3:30:05 PM - System Checkpoint
RP65: 9/4/2010 3:32:46 PM - System Checkpoint
RP66: 9/5/2010 4:05:11 PM - System Checkpoint
RP67: 9/6/2010 5:04:52 PM - System Checkpoint
RP68: 9/7/2010 5:45:52 PM - System Checkpoint
RP69: 9/8/2010 6:40:19 PM - System Checkpoint
RP70: 9/9/2010 6:50:48 PM - System Checkpoint
RP71: 9/10/2010 7:44:39 PM - System Checkpoint
RP72: 9/11/2010 8:27:25 PM - System Checkpoint
RP73: 9/12/2010 8:54:29 PM - System Checkpoint
RP74: 9/13/2010 9:48:59 PM - System Checkpoint
RP75: 9/14/2010 10:43:41 PM - System Checkpoint
RP76: 9/15/2010 11:00:18 AM - Software Distribution Service 3.0
RP77: 9/16/2010 11:31:24 AM - System Checkpoint
RP78: 9/17/2010 12:26:50 PM - System Checkpoint
RP79: 9/18/2010 2:14:53 PM - System Checkpoint
RP80: 9/19/2010 3:29:39 PM - System Checkpoint
RP81: 9/20/2010 3:44:21 PM - System Checkpoint
RP82: 9/21/2010 4:15:14 PM - System Checkpoint
RP83: 9/22/2010 4:34:59 PM - System Checkpoint
RP84: 9/23/2010 3:56:21 PM - Installed Windows Defender
RP85: 9/23/2010 6:53:11 PM - avast! Free Antivirus Setup
RP86: 9/24/2010 7:18:55 PM - System Checkpoint
RP87: 9/25/2010 1:20:32 PM - Cleanup
RP88: 9/25/2010 1:54:01 PM - Installed AVG Free 9.0
RP89: 9/26/2010 8:11:53 AM - Avg Update
RP90: 9/26/2010 8:12:36 AM - Avg Update
RP91: 9/26/2010 8:11:12 PM - Installed Adobe Reader 8.2.0
RP92: 9/27/2010 8:29:10 PM - System Checkpoint
RP93: 9/28/2010 8:36:40 PM - System Checkpoint
RP94: 9/29/2010 7:00:20 PM - Software Distribution Service 3.0
RP95: 9/30/2010 7:09:28 PM - System Checkpoint
RP96: 10/1/2010 8:44:55 PM - System Checkpoint
RP97: 10/3/2010 9:43:22 AM - System Checkpoint
RP98: 10/4/2010 9:47:48 AM - Avg Update
RP99: 10/5/2010 10:31:37 AM - System Checkpoint
RP100: 10/6/2010 11:26:28 AM - System Checkpoint
RP101: 10/6/2010 7:00:19 PM - Software Distribution Service 3.0
RP102: 10/7/2010 7:00:19 PM - Software Distribution Service 3.0
RP103: 10/8/2010 7:10:44 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
3D!Turbo Experience
4500_Help
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 8.2.0
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Bonjour
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
Browser Defender 2.0.6.15
BufferChm
Camera Driver
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CouponBar
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocMgr
DocProc
DocProcQFolder
Driver Installer
eSupportQFolder
Fax
Garmin Communicator Plugin
Garmin Trip and Waypoint Manager v5
Garmin USB Drivers
getPlus®_ocx
Google Earth Plug-in
Google Update Helper
GPBaseService
GPBaseService2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Document Manager 1.0
HP Imaging Device Functions 10.0
HP Memories Disc
HP Officejet J4500 Series
HP Photosmart Essential 2.5
HP Product Detection
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HPProductAssistant
iPod for Windows 2006-06-28
IrfanView (remove only)
iTunes
J4500
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 20
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
KhalInstallWrapper
LeapFrog Connect
LeapFrog Crammer Plugin
Logitech SetPoint
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 10
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Pro 10
Microsoft Digital Image Suite 10
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Project Professional 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.6.10)
MSVCSetup
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Suite
NVIDIA Drivers
NVIDIA WDM Drivers
NVIDIA Windows 2000/XP nForce Drivers
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
PowerDVD
ProductContext
PSSWCORE
QuickTime
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SmartWebPrintingOC
SolutionCenter
SPORE™
Spyware Doctor 7.0
Status
StorageSync Backup Software
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Crammer Plugin)
VideoToolkit01
VoiceOver Kit
WebFldrs XP
WebReg
Windows Defender
Windows Defender Signatures
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - OEM (mr97320) Image (04/20/2007 1.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Xvid Codec 1.1.3
Yahoo! Photos Easy Upload Tool 1v6

==== Event Viewer Messages From Past Week ========

10/8/2010 9:03:42 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
10/7/2010 5:39:23 PM, error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
10/7/2010 5:39:23 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
10/7/2010 5:39:23 PM, error: Service Control Manager [7034] - The Browser Defender Update Service service terminated unexpectedly. It has done this 1 time(s).
10/7/2010 5:39:23 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/4/2010 9:48:48 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
10/3/2010 8:40:17 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
10/3/2010 8:38:48 AM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/3/2010 8:38:48 AM, error: Service Control Manager [7000] - The WINBOND W55U01 USB service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/3/2010 8:37:44 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
10/3/2010 8:37:44 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================

#15 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:12:26 PM

Posted 09 October 2010 - 03:59 AM

Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

CODE
Driver::
Inimpurucl
DDS::
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.4) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.


Uninstall these old Javas:
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log. Any issues left?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.




