[michaelg9]

Hello,
Can you tell me what problem do you get while trying to download ComboFix?


Please read carefully and follow these steps.

• Download TDSSKiller from a clean computer and save it to your USB drive. Then transfer the USB to the infected computer and do the following:
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Next:



Download Combofix from any of the links below but rename it to explorer.com before saving it to a USB drive from a clean computer.

Link 1
Link 2
Link 3


Transfer the USB to the infected computer and do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Folder::
C:\$RECYCLE(0).BIN
C:\Program Files\Object

Registry::
[HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions]
{EB132DB0-A4CA-11DF-9732-0E29E0D72085}=-
[HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions]
{EB132DB0-A4CA-11DF-9732-0E29E0D72085}=-

RegNull::
[HKEY_USERS\S-1-5-21-1853308285-865056411-922338472-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DA3DD5C5-2F6F-E749-D4A2-0D91BDF20D27}*]

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[Advertisements]

If i try to download combofix the download bar doesnt move.

If it does manage to download it then says Combofix is a read only file.

If it doesnt say that it dissapears..

[Bismillah]

If i try to download combofix the download bar doesnt move.

If it does manage to download it then says Combofix is a read only file.

If it doesnt say that it dissapears..

[Bismillah]

2011/08/27 18:12:50.0972 4756 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/27 18:12:51.0120 4756 ================================================================================
2011/08/27 18:12:51.0120 4756 SystemInfo:
2011/08/27 18:12:51.0120 4756
2011/08/27 18:12:51.0120 4756 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/27 18:12:51.0120 4756 Product type: Workstation
2011/08/27 18:12:51.0120 4756 ComputerName: LENOVO-PC
2011/08/27 18:12:51.0120 4756 UserName: LENOVO
2011/08/27 18:12:51.0120 4756 Windows directory: C:\Windows
2011/08/27 18:12:51.0120 4756 System windows directory: C:\Windows
2011/08/27 18:12:51.0120 4756 Processor architecture: Intel x86
2011/08/27 18:12:51.0120 4756 Number of processors: 2
2011/08/27 18:12:51.0120 4756 Page size: 0x1000
2011/08/27 18:12:51.0120 4756 Boot type: Normal boot
2011/08/27 18:12:51.0120 4756 ================================================================================
2011/08/27 18:12:53.0704 4756 Initialize success
2011/08/27 18:12:56.0091 7196 ================================================================================
2011/08/27 18:12:56.0091 7196 Scan started
2011/08/27 18:12:56.0091 7196 Mode: Manual;
2011/08/27 18:12:56.0091 7196 ================================================================================
2011/08/27 18:12:58.0858 7196 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/08/27 18:12:58.0995 7196 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/08/27 18:12:59.0064 7196 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/08/27 18:12:59.0146 7196 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/08/27 18:12:59.0171 7196 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/08/27 18:12:59.0288 7196 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/08/27 18:12:59.0354 7196 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/08/27 18:12:59.0389 7196 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/27 18:12:59.0499 7196 aliide (30015c9e6b07bd122e9aba0bed6d5ac6) C:\Windows\system32\drivers\aliide.sys
2011/08/27 18:12:59.0545 7196 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/08/27 18:12:59.0566 7196 amdide (0f8f496b9061a71a070950b180ab9e80) C:\Windows\system32\drivers\amdide.sys
2011/08/27 18:12:59.0591 7196 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/08/27 18:12:59.0613 7196 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/08/27 18:12:59.0758 7196 amdkmdag (383f70040be9acaa627dd7b42d0e8dd4) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/27 18:12:59.0966 7196 amdkmdap (1b2529f48203bc08416ac95423025324) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/08/27 18:13:00.0045 7196 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/08/27 18:13:00.0067 7196 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/08/27 18:13:00.0162 7196 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\Windows\system32\drivers\aswFsBlk.sys
2011/08/27 18:13:00.0210 7196 aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\Windows\system32\drivers\aswMonFlt.sys
2011/08/27 18:13:00.0246 7196 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\Windows\system32\drivers\aswRdr.sys
2011/08/27 18:13:00.0297 7196 aswSnx (17230708a2028cd995656df455f2e303) C:\Windows\system32\drivers\aswSnx.sys
2011/08/27 18:13:00.0398 7196 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\Windows\system32\drivers\aswSP.sys
2011/08/27 18:13:00.0439 7196 aswTdi (984cfce2168286c2511695c2f9621475) C:\Windows\system32\drivers\aswTdi.sys
2011/08/27 18:13:00.0515 7196 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/27 18:13:00.0574 7196 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/08/27 18:13:00.0672 7196 ATSwpWDF (40e3212da94acf9e120c30acebc6ea80) C:\Windows\system32\Drivers\ATSwpWDF.sys
2011/08/27 18:13:00.0740 7196 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/27 18:13:00.0839 7196 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/08/27 18:13:00.0908 7196 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/27 18:13:00.0930 7196 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/27 18:13:00.0954 7196 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/27 18:13:01.0004 7196 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/27 18:13:01.0027 7196 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/27 18:13:01.0048 7196 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/27 18:13:01.0072 7196 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/27 18:13:01.0097 7196 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/08/27 18:13:01.0207 7196 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/27 18:13:01.0265 7196 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/27 18:13:01.0318 7196 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/08/27 18:13:01.0396 7196 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/08/27 18:13:01.0432 7196 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/27 18:13:01.0455 7196 cmdide (47e62bc503b969b3162d8e99c2df4988) C:\Windows\system32\drivers\cmdide.sys
2011/08/27 18:13:01.0516 7196 CnxtHdAudService (912c546ab87aa0e240e82bd7ca48a9e6) C:\Windows\system32\drivers\CHDRT32.sys
2011/08/27 18:13:01.0572 7196 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/27 18:13:01.0607 7196 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/08/27 18:13:01.0672 7196 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/08/27 18:13:01.0769 7196 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
2011/08/27 18:13:01.0873 7196 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/08/27 18:13:01.0952 7196 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/08/27 18:13:02.0011 7196 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\Windows\system32\DLA\DLABMFSM.SYS
2011/08/27 18:13:02.0045 7196 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\Windows\system32\DLA\DLABOIOM.SYS
2011/08/27 18:13:02.0081 7196 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
2011/08/27 18:13:02.0120 7196 DLADResM (93d03238cc3f0ee3c0b3985d110ec575) C:\Windows\system32\DLA\DLADResM.SYS
2011/08/27 18:13:02.0160 7196 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\Windows\system32\DLA\DLAIFS_M.SYS
2011/08/27 18:13:02.0195 7196 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\Windows\system32\DLA\DLAOPIOM.SYS
2011/08/27 18:13:02.0227 7196 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\Windows\system32\DLA\DLAPoolM.SYS
2011/08/27 18:13:02.0263 7196 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
2011/08/27 18:13:02.0302 7196 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\Windows\system32\DLA\DLAUDFAM.SYS
2011/08/27 18:13:02.0324 7196 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\Windows\system32\DLA\DLAUDF_M.SYS
2011/08/27 18:13:02.0387 7196 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/08/27 18:13:02.0440 7196 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\Windows\system32\Drivers\DRVMCDB.SYS
2011/08/27 18:13:02.0484 7196 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
2011/08/27 18:13:02.0544 7196 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/27 18:13:02.0610 7196 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/08/27 18:13:02.0637 7196 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/27 18:13:02.0696 7196 e1yexpress (a6aa4882616e7da283c12b30f577ac0c) C:\Windows\system32\DRIVERS\e1y6032.sys
2011/08/27 18:13:02.0773 7196 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/08/27 18:13:02.0835 7196 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/08/27 18:13:02.0870 7196 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/08/27 18:13:02.0939 7196 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/08/27 18:13:03.0007 7196 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/08/27 18:13:03.0075 7196 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/27 18:13:03.0130 7196 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/27 18:13:03.0151 7196 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/27 18:13:03.0182 7196 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/27 18:13:03.0222 7196 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/08/27 18:13:03.0280 7196 fssfltr (491e9d9a26a745f6ae7d570849f4bd87) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/08/27 18:13:03.0327 7196 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/27 18:13:03.0369 7196 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/27 18:13:03.0427 7196 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/27 18:13:03.0480 7196 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/08/27 18:13:03.0546 7196 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/27 18:13:03.0602 7196 HECI (2df64415a28ce036ac6acec7645a996f) C:\Windows\system32\DRIVERS\HECI.sys
2011/08/27 18:13:03.0624 7196 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/27 18:13:03.0647 7196 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/27 18:13:03.0690 7196 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/27 18:13:03.0737 7196 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/08/27 18:13:03.0801 7196 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/08/27 18:13:03.0878 7196 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/08/27 18:13:03.0950 7196 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/08/27 18:13:04.0012 7196 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/08/27 18:13:04.0083 7196 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/08/27 18:13:04.0130 7196 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/27 18:13:04.0186 7196 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/27 18:13:04.0244 7196 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/08/27 18:13:04.0301 7196 IBMPMDRV (7285cd0c2b686e0590f941b48414a9f4) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
2011/08/27 18:13:04.0336 7196 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/27 18:13:04.0368 7196 intelide (c375328451ec8c74c8874e8acc5a33e5) C:\Windows\system32\drivers\intelide.sys
2011/08/27 18:13:04.0511 7196 intelkmd (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/08/27 18:13:04.0603 7196 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/27 18:13:04.0629 7196 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/27 18:13:04.0680 7196 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/27 18:13:04.0704 7196 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/27 18:13:04.0731 7196 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/08/27 18:13:04.0791 7196 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/08/27 18:13:04.0845 7196 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/27 18:13:04.0869 7196 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/27 18:13:04.0893 7196 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/27 18:13:04.0941 7196 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/27 18:13:04.0992 7196 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/27 18:13:05.0063 7196 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/27 18:13:05.0161 7196 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys
2011/08/27 18:13:05.0202 7196 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/27 18:13:05.0255 7196 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/27 18:13:05.0279 7196 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/27 18:13:05.0308 7196 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/27 18:13:05.0344 7196 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/08/27 18:13:05.0384 7196 ManyCam (c6d085c7045200143528136a43a65fde) C:\Windows\system32\DRIVERS\ManyCam.sys
2011/08/27 18:13:05.0438 7196 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/08/27 18:13:05.0458 7196 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/08/27 18:13:05.0510 7196 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/08/27 18:13:05.0561 7196 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/08/27 18:13:05.0608 7196 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/27 18:13:05.0639 7196 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/27 18:13:05.0675 7196 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/27 18:13:05.0736 7196 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/08/27 18:13:05.0777 7196 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/08/27 18:13:05.0819 7196 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/27 18:13:05.0856 7196 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/27 18:13:05.0931 7196 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/27 18:13:05.0988 7196 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/27 18:13:06.0052 7196 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/27 18:13:06.0121 7196 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/27 18:13:06.0175 7196 msahci (ece9dca494a565eb7c443a516731d813) C:\Windows\system32\drivers\msahci.sys
2011/08/27 18:13:06.0220 7196 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/08/27 18:13:06.0320 7196 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/08/27 18:13:06.0352 7196 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/08/27 18:13:06.0396 7196 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/27 18:13:06.0425 7196 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/27 18:13:06.0449 7196 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/08/27 18:13:06.0540 7196 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/08/27 18:13:06.0583 7196 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/27 18:13:06.0605 7196 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/08/27 18:13:06.0676 7196 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/08/27 18:13:06.0739 7196 MUXMP (2e48d13da92964174a41f9cfea25d1df) C:\Windows\system32\DRIVERS\mux.sys
2011/08/27 18:13:06.0750 7196 MUXP (2e48d13da92964174a41f9cfea25d1df) C:\Windows\system32\DRIVERS\mux.sys
2011/08/27 18:13:06.0839 7196 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/27 18:13:06.0907 7196 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/08/27 18:13:06.0949 7196 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/27 18:13:06.0981 7196 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/27 18:13:07.0017 7196 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/27 18:13:07.0054 7196 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/08/27 18:13:07.0094 7196 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/27 18:13:07.0157 7196 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/27 18:13:07.0316 7196 NETw5v32 (eb959260cf3dac0ad88eae95372bb679) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/08/27 18:13:07.0434 7196 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/27 18:13:07.0500 7196 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/08/27 18:13:07.0570 7196 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/27 18:13:07.0659 7196 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/08/27 18:13:07.0716 7196 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/27 18:13:07.0763 7196 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/08/27 18:13:07.0798 7196 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/08/27 18:13:07.0819 7196 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/08/27 18:13:07.0842 7196 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/08/27 18:13:07.0884 7196 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/08/27 18:13:07.0982 7196 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/27 18:13:08.0032 7196 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/08/27 18:13:08.0107 7196 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/08/27 18:13:08.0152 7196 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/08/27 18:13:08.0218 7196 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/08/27 18:13:08.0242 7196 pciide (fbead1a64b9baede0aaa8a04b4745e1b) C:\Windows\system32\drivers\pciide.sys
2011/08/27 18:13:08.0305 7196 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/27 18:13:08.0380 7196 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/27 18:13:08.0479 7196 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/27 18:13:08.0519 7196 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/08/27 18:13:08.0604 7196 psadd (271f3e304cf2a467188ef393c8fbd2b7) C:\Windows\system32\DRIVERS\psadd.sys
2011/08/27 18:13:08.0674 7196 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/27 18:13:08.0750 7196 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/08/27 18:13:08.0810 7196 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/08/27 18:13:08.0864 7196 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/27 18:13:08.0906 7196 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/27 18:13:08.0941 7196 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/27 18:13:09.0001 7196 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/27 18:13:09.0091 7196 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/27 18:13:09.0120 7196 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/27 18:13:09.0216 7196 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/27 18:13:09.0263 7196 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/27 18:13:09.0311 7196 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/08/27 18:13:09.0346 7196 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/27 18:13:09.0416 7196 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/08/27 18:13:09.0542 7196 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
2011/08/27 18:13:09.0596 7196 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/08/27 18:13:09.0636 7196 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/08/27 18:13:09.0691 7196 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/27 18:13:09.0761 7196 s115bus (e1ab463b36a7ef31d8a73a97a9b57afa) C:\Windows\system32\DRIVERS\s115bus.sys
2011/08/27 18:13:09.0824 7196 s115mdfl (e24113fc13b8737c94cf4e3415488c76) C:\Windows\system32\DRIVERS\s115mdfl.sys
2011/08/27 18:13:09.0888 7196 s115mdm (4029e49e7c673aa0670bd206b0af1b5b) C:\Windows\system32\DRIVERS\s115mdm.sys
2011/08/27 18:13:09.0952 7196 s115mgmt (eb02ab4ca8bccecfde236cad8fc6e135) C:\Windows\system32\DRIVERS\s115mgmt.sys
2011/08/27 18:13:10.0011 7196 s115obex (089869db9ffd2ac807fa87fe82ac7761) C:\Windows\system32\DRIVERS\s115obex.sys
2011/08/27 18:13:10.0071 7196 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/27 18:13:10.0191 7196 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/08/27 18:13:10.0248 7196 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/27 18:13:10.0281 7196 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/08/27 18:13:10.0304 7196 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/08/27 18:13:10.0338 7196 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/27 18:13:10.0378 7196 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/08/27 18:13:10.0403 7196 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/27 18:13:10.0426 7196 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/27 18:13:10.0467 7196 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/27 18:13:10.0563 7196 Shockprf (2108fc5934843e5f346a715e71fa79f9) C:\Windows\system32\DRIVERS\Apsx86.sys
2011/08/27 18:13:10.0588 7196 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/08/27 18:13:10.0613 7196 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/08/27 18:13:10.0652 7196 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/08/27 18:13:10.0722 7196 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/08/27 18:13:10.0791 7196 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/27 18:13:10.0851 7196 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/08/27 18:13:10.0926 7196 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/27 18:13:10.0996 7196 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/27 18:13:11.0088 7196 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/27 18:13:11.0146 7196 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/27 18:13:11.0169 7196 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/27 18:13:11.0193 7196 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/27 18:13:11.0260 7196 SynTP (d7dc30b8b41e7a913c3fccc0631e72ec) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/27 18:13:11.0357 7196 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
2011/08/27 18:13:11.0434 7196 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/27 18:13:11.0479 7196 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/27 18:13:11.0536 7196 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/27 18:13:11.0557 7196 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/27 18:13:11.0623 7196 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/27 18:13:11.0674 7196 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/27 18:13:11.0736 7196 TPDIGIMN (1282722cf2cc5a88a606b8022d0f8b7e) C:\Windows\system32\DRIVERS\ApsHM86.sys
2011/08/27 18:13:11.0782 7196 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
2011/08/27 18:13:11.0828 7196 TPPWRIF (6412da2b8d079d821b99b3a99943284e) C:\Windows\system32\drivers\Tppwr32v.sys
2011/08/27 18:13:11.0900 7196 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/27 18:13:11.0945 7196 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/27 18:13:11.0973 7196 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/27 18:13:12.0036 7196 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
2011/08/27 18:13:12.0066 7196 TVTI2C (7e66dda1ef146bfc3a6e36e08e036602) C:\Windows\system32\DRIVERS\Tvti2c.sys
2011/08/27 18:13:12.0105 7196 tvtumon (fc4d5a1ea9d736907cb547085248199f) C:\Windows\system32\DRIVERS\tvtumon.sys
2011/08/27 18:13:12.0135 7196 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/08/27 18:13:12.0218 7196 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/27 18:13:12.0281 7196 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/27 18:13:12.0349 7196 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/08/27 18:13:12.0376 7196 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/27 18:13:12.0401 7196 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/27 18:13:12.0442 7196 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/27 18:13:12.0541 7196 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/08/27 18:13:12.0577 7196 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/27 18:13:12.0600 7196 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/27 18:13:12.0658 7196 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/27 18:13:12.0711 7196 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/27 18:13:12.0771 7196 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\Windows\system32\Drivers\usbio.sys
2011/08/27 18:13:12.0809 7196 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/08/27 18:13:12.0867 7196 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/27 18:13:12.0928 7196 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/27 18:13:12.0985 7196 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/27 18:13:13.0031 7196 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/27 18:13:13.0075 7196 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/08/27 18:13:13.0107 7196 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/27 18:13:13.0149 7196 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/08/27 18:13:13.0172 7196 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/08/27 18:13:13.0196 7196 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/08/27 18:13:13.0219 7196 viaide (300967ca994e09de0f69ec2b74724736) C:\Windows\system32\drivers\viaide.sys
2011/08/27 18:13:13.0258 7196 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/27 18:13:13.0332 7196 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/08/27 18:13:13.0373 7196 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/08/27 18:13:13.0417 7196 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/08/27 18:13:13.0487 7196 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/27 18:13:13.0534 7196 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/27 18:13:13.0546 7196 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/27 18:13:13.0582 7196 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/08/27 18:13:13.0630 7196 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/27 18:13:13.0759 7196 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/08/27 18:13:13.0827 7196 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/08/27 18:13:13.0972 7196 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/27 18:13:14.0042 7196 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/27 18:13:14.0091 7196 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/27 18:13:14.0136 7196 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/27 18:13:14.0183 7196 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/08/27 18:13:14.0235 7196 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/08/27 18:13:14.0254 7196 Boot (0x1200) (fd6ec88d8076595c56f586a6640550b9) \Device\Harddisk0\DR0\Partition0
2011/08/27 18:13:14.0279 7196 Boot (0x1200) (924f092e7d335e24d5910a9056c58daf) \Device\Harddisk0\DR0\Partition1
2011/08/27 18:13:14.0314 7196 Boot (0x1200) (87164d11fd6084c5ed4159e63cbdd158) \Device\Harddisk0\DR0\Partition2
2011/08/27 18:13:14.0318 7196 ================================================================================
2011/08/27 18:13:14.0318 7196 Scan finished
2011/08/27 18:13:14.0318 7196 ================================================================================
2011/08/27 18:13:14.0328 7660 Detected object count: 0
2011/08/27 18:13:14.0328 7660 Actual detected object count: 0

[Bismillah]

ComboFix 11-08-27.01 - LENOVO 27/08/2011 18:18:52.9.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.1943.573 [GMT 1:00]
Running from: c:\users\LENOVO\Desktop\ComboFix.exe
Command switches used :: c:\users\LENOVO\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\$RECYCLE(0).BIN
c:\$recycle(0).bin\S-1-5-21-1853308285-865056411-922338472-1000\$IPYOFOC.txt
c:\$recycle(0).bin\S-1-5-21-1853308285-865056411-922338472-1000\$RPYOFOC.txt
c:\windows\system32\comct332.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-07-27 to 2011-08-27 )))))))))))))))))))))))))))))))
.
.
2011-08-27 17:30 . 2011-08-27 17:35 -------- d-----w- c:\users\LENOVO\AppData\Local\temp
2011-08-27 17:30 . 2011-08-27 17:30 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-08-27 17:30 . 2011-08-27 17:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-27 17:30 . 2011-08-27 17:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-26 17:30 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9258D698-2928-417A-8E1C-4C6C241C23F0}\mpengine.dll
2011-08-26 01:11 . 2011-08-26 01:25 -------- d-----w- c:\users\LENOVO\AppData\Roaming\IconChanger
2011-08-26 01:10 . 2011-08-26 01:10 -------- d-----w- c:\program files\IconChanger
2011-08-25 22:39 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-25 21:45 . 2011-08-25 21:45 54016 ----a-w- c:\windows\system32\drivers\mfofyyb.sys
2011-08-20 13:04 . 2011-08-20 16:46 -------- d-----w- c:\program files\Puran Defrag
2011-08-20 13:04 . 2011-04-08 15:09 229376 ----a-w- c:\windows\system32\PuranDefragS.exe
2011-08-20 13:04 . 2011-04-08 15:09 221184 ----a-w- c:\windows\system32\PuranDC.exe
2011-08-20 13:04 . 2011-04-08 15:09 1110016 ----a-w- c:\windows\system32\PuranFD.exe
2011-08-20 13:04 . 2011-04-08 15:09 107008 ----a-w- c:\windows\system32\PuranDefragBT.exe
2011-08-20 13:04 . 2010-01-27 12:58 212992 ----a-w- c:\windows\system32\PuranDefrag.dll
2011-08-20 12:52 . 2011-08-20 12:52 -------- d-----w- c:\programdata\{3D289CAC-AD9F-45d9-9D36-524EB7B6C958}
2011-08-20 12:52 . 2011-08-20 12:52 -------- d-----w- c:\program files\Lenovo Hard Drive Quick Test
2011-08-20 12:50 . 2011-08-20 12:50 -------- d-----w- c:\users\LENOVO\AppData\Roaming\Update
2011-08-20 12:50 . 2011-08-20 12:50 -------- d-----w- c:\users\LENOVO\AppData\Roaming\PCDr
2011-08-20 12:41 . 2011-08-20 12:41 -------- d-----w- c:\program files\Common Files\Lenovo.com
2011-08-20 12:37 . 2011-08-20 12:37 -------- d-----w- c:\users\LENOVO\AppData\Roaming\Leadertech
2011-08-19 10:30 . 2011-08-19 10:30 388096 ----a-r- c:\users\LENOVO\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-19 10:30 . 2011-08-19 10:30 -------- d-----w- c:\program files\Trend Micro
2011-08-18 13:42 . 2011-08-18 13:42 -------- d-----w- c:\program files\Speccy
2011-08-18 12:22 . 2011-08-18 12:22 -------- d-----w- C:\_OTL
2011-08-15 21:48 . 2011-08-15 21:48 -------- d-----w- c:\users\LENOVO\AppData\Roaming\JGsoft
2011-08-15 21:47 . 2011-08-15 21:47 -------- d-----w- c:\program files\JGsoft
2011-08-15 21:47 . 2011-05-16 02:33 67312 ----a-w- c:\windows\UnDeployV.exe
2011-08-10 20:00 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 20:00 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 20:00 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-08 19:23 . 2011-08-27 13:24 -------- d-----w- c:\users\LENOVO\AppData\Roaming\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 18:52 . 2010-09-02 00:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2010-09-02 00:15 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2010-08-25 16:06 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-08-25 16:06 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-01 21:39 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-08-25 16:07 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-08-25 16:07 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-08-25 16:07 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-08-25 16:07 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-08-25 16:07 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-18 17:54 . 2011-06-18 17:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-17 13:45 . 2011-05-08 19:28 187328 ----a-w- c:\programdata\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
2011-06-17 13:40 . 2011-05-08 19:27 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-06-15 11:07 . 2011-01-19 00:59 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-06-02 13:34 . 2011-07-27 17:16 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-20_12.25.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-25 22:39 . 2011-07-11 13:07 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22676_none_1771c6a120094aaa\tzupd.exe
+ 2010-08-25 16:52 . 2010-01-23 09:26 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18492_none_16ce86f006ff803f\tzupd.exe
+ 2008-01-21 01:58 . 2011-08-27 17:35 74898 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2011-08-27 17:35 85214 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-05 21:52 . 2011-08-27 17:35 16242 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1853308285-865056411-922338472-1000_UserData.bin
+ 2010-08-05 21:49 . 2011-08-27 17:33 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-05 21:49 . 2011-08-20 12:03 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-11 20:54 . 2011-08-20 12:03 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-11 20:54 . 2011-08-27 17:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-05 21:49 . 2011-08-20 12:03 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-05 21:49 . 2011-08-27 17:33 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-22 17:19 . 2011-08-24 23:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-22 17:19 . 2011-08-16 19:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-22 17:19 . 2011-08-24 23:45 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-22 17:19 . 2011-08-16 19:55 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-22 17:19 . 2011-08-16 19:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-22 17:19 . 2011-08-24 23:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-07 13:16 . 2011-08-16 16:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-07 13:16 . 2011-08-24 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-07 13:16 . 2011-08-24 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-07 13:16 . 2011-08-16 16:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-05 14:00 . 2010-08-05 14:00 25214 c:\windows\Installer\{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}\MyDVDShortcut_2099C17679884B91BF99B6C0521D142A.exe
+ 2010-08-05 14:00 . 2011-08-26 20:36 25214 c:\windows\Installer\{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}\MyDVDShortcut_2099C17679884B91BF99B6C0521D142A.exe
+ 2011-08-25 22:39 . 2011-07-11 13:07 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22676_none_1771c6a120094aaa\tzres.dll
+ 2011-08-25 22:39 . 2011-07-11 13:25 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18492_none_16ce86f006ff803f\tzres.dll
+ 2011-08-27 17:32 . 2011-08-27 17:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-20 11:54 . 2011-08-20 11:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-20 11:54 . 2011-08-20 11:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-27 17:32 . 2011-08-27 17:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-07 14:00 . 2011-08-27 15:39 259188 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2010-08-26 13:25 . 2011-08-20 12:03 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-08-26 13:25 . 2011-08-26 12:31 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-03-05 23:29 . 2011-08-20 11:53 289620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-05 23:29 . 2011-08-27 17:31 289620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-08-05 14:00 . 2010-08-05 14:00 287934 c:\windows\Installer\{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}\ARPPRODUCTICON.exe
+ 2010-08-05 14:00 . 2011-08-26 20:36 287934 c:\windows\Installer\{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}\ARPPRODUCTICON.exe
+ 2006-11-02 10:22 . 2011-08-26 02:04 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2011-08-20 11:56 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2011-06-12 22:10 . 2011-08-27 17:31 2948776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-06-12 22:10 . 2011-08-20 11:53 2948776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-08-30 06:32 . 2011-08-26 02:02 214711559 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-04-26 61728]
"TpShocks"="TpShocks.exe" [2009-02-03 181536]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 145944]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-04-22 49976]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-04-15 660768]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-04-13 40960]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-12-10 435560]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-12-10 181608]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-12 170520]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes2\iTunesHelper.exe" [2011-06-07 421160]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-02 273544]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 2.lnk
backup=c:\windows\pss\ShortKeys 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 3.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 3.lnk
backup=c:\windows\pss\ShortKeys 3.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 16:51 421160 ----a-w- c:\program files\iTunes2\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 10:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-06-15 19:03 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-05-02 00:01 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-03-30 45424]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2008-10-27 106496]
R3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-02-11 204800]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-10-21 4208208]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2011-04-08 229376]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
R4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-01-29 20520]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-10-27 1676536]
S2 DDNIOEMService;DDNIOEMService;c:\program files\DDNI\SBITS\DDNIOEMService.exe [2007-09-28 162280]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2008-10-27 98304]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-04-15 66848]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-04-02 62320]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-09-19 3881472]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2008-09-19 54784]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-10-27 482176]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-08-14 220152]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdkmd32.sys [2008-06-12 2381312]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-02-09 3715072]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1853308285-865056411-922338472-1000Core.job
- c:\users\LENOVO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 17:30]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1853308285-865056411-922338472-1000UA.job
- c:\users\LENOVO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 17:30]
.
2010-08-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\Savevid\redirect.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\xqbyuseu.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: [email protected] - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-27 18:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1292)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\IconChanger\IconChng.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-08-27 18:45:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-27 17:45
ComboFix2.txt 2011-08-26 18:52
ComboFix3.txt 2011-08-24 16:42
ComboFix4.txt 2011-08-20 12:33
ComboFix5.txt 2011-08-27 17:15
.
Pre-Run: 39,390,580,736 bytes free
Post-Run: 39,008,190,464 bytes free
.
Current=10 Default=10 Failed=1 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11
- - End Of File - - 3491D2B09150F82488F134468F6DA633

[michaelg9]

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right



Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information



On completion click the link to locate the zip file to upload and attach to your next post





Next:

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.




Next:

Can you tell me what symptoms do you get?

[Bismillah]

I couldnt get AVP to run it kept freezing.

So i carried on with the MBAM scan.
I accidently clicked full scan and i left it to it.
(the scan is still running now)
I noticed it was scanning a unusual folder
called 'the will never find us here'

So i took a look at the folder and while looking inside the folder Avast pops up saying
one of the files was Alureon which it has quarintined it.
Log of mbam to follow

[Bismillah]

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7588

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

27/08/2011 22:44:38
mbam-log-2011-08-27 (22-44-32).txt

Scan type: Full scan (C:\|)
Objects scanned: 293741
Time elapsed: 2 hour(s), 29 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\the will never find us here\076bc0533d63826e1e809ad9fcbe2fb8 (Spyware.Passwords.XGen) -> No action taken.
c:\the will never find us here\120d845ac973b4a0cde2bc88d8530b3d (Spyware.Passwords.XGen) -> No action taken.
c:\the will never find us here\150d006eab34528e3305fbbb5ad82164 (Spyware.Passwords.XGen) -> No action taken.
c:\Users\LENOVO\Desktop\gta folder\trainer.exe (Trojan.Downloader) -> No action taken.

[michaelg9]

Hello,

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :Files
  c:\the will never find us here
  c:\Users\LENOVO\Desktop\gta folder\trainer.exe
  
  :Commands
  [purity]
  [emptytemp]
  [EMPTYFLASH]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Next:

Boot into safe mode. Instructions for this here
Try again the instructions with AVP.
If it freezes again, skip the scan with AVP and try run the manual analysis. This is the part under:
Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information



On completion click the link to locate the zip file to upload and attach to your next post

[Bismillah]

OTL froze

[michaelg9]

Do these instead:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
c:\Users\LENOVO\Desktop\gta folder\trainer.exe

Folder::
c:\the will never find us here

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Next:

Boot into safe mode. Instructions for this here
Try again the instructions with AVP.
If it freezes again, skip the scan with AVP and try run the manual analysis. This is the manual analysis part:
Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information



On completion click the link to locate the zip file to upload and attach to your next post





Next:

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

• Double-click on RKUnhookerLE.exe to start the program.
  Vista/Windows 7 users right-click and select Run As Administrator.
• Click the Report tab, then click Scan.
• Make sure all the items on the list are checked.
• Click OK.
• Wait until it's finished and then go to File > Save Report.
• Save the report to your Desktop.
• Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

[Bismillah]

Cant remember what i run yesterday (dam memory)
But logged on today and this popped up
also combofix and AVPtool have both been deleted.
Running Rootkitunhooker Avast decided that rootkitunhooker was a virus halfway through the scan and has quarintined it... althought it is still running.



iles\Folders moved on Reboot...
File\Folder C:\Users\LENOVO\AppData\Local\Temp\Low\hsperfdata_LENOVO\3728 not found!
C:\Users\LENOVO\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\LENOVO\AppData\Local\Temp\~DF5723.tmp not found!
File\Folder C:\Users\LENOVO\AppData\Local\Temp\~DF572B.tmp not found!
File\Folder C:\Users\LENOVO\AppData\Local\Temp\~DF5791.tmp not found!
File\Folder C:\Users\LENOVO\AppData\Local\Temp\~DF5799.tmp not found!
File\Folder C:\Users\LENOVO\AppData\Local\Temp\~DF57CD.tmp not found!
File\Folder C:\Users\LENOVO\AppData\Local\Temp\~DF57D5.tmp not found!
C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y6EMVSBN\login_status[6].htm moved successfully.
C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y6EMVSBN\page__st__120[1].htm moved successfully.
C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UOL0B71I\adsCAMQ0BUF.htm moved successfully.
File\Folder C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UOL0B71I\forums[1].txt not found!
C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TGRV5TN0\adsCAX0SJH6.htm moved successfully.
File\Folder C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PF8L56KF\school-hacked-pupil-broke-data-act-281846077[1].htm not found!
File\Folder C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OUOG0OUG\like[5].htm not found!
File\Folder C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MP1EYCQE\fastbutton[1].htm not found!
C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IMJUQEPB\ads[8].htm moved successfully.
File\Folder C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IMJUQEPB\like[2].htm not found!
C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DLX75DBP\login_status[7].htm moved successfully.
File\Folder C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DLX75DBP\watch[1].htm not found!
File\Folder C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\flaDFE1.tmp not found!
C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMSM5S77\api[1].htm moved successfully.
C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOJ84G14\background-banner-middle-v45[1].jpg moved successfully.
C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J93NLCQ2\api[1].htm moved successfully.
File\Folder C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A2IVFEUS\ADSAdClient31[1].txt not found!
C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A2IVFEUS\list-item-plus[1].png moved successfully.
File\Folder C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content(37).IE5\5F701TAG\.hd-625-13.ch-3013-62.lg-3174-1338-1338.sh-3064-62.ha-3140-62.fa-3193-1338.ca-3187-110.cp-3207-1338-1341,s-1.g-0.d-4.h-4.a-0,8a122da16ba645d59191d57286698b3e[1].gif not found!
File\Folder C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content(37).IE5\06VXKQY0\;afct=site_content;kgg=-1;kcr=gb;u=Dk0dbsSdxs0%7C119;afv=1;khd=0;dc_dedup=1;kpu=luanmarcio;;k2=972;k3=972;k5=972;as3=1;dc_seed=217976775;tile=1;ord=428903171[1].asx not found!
File\Folder C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content(37).IE5\06VXKQY0\;u=wGTQFXciDs4%7C1;afv=1;khd=0;dc_dedup=1;kpu=Botan12jaar;k2=613;k3=613;k2=8;k4=8;k2=972;k5=613_8_972;as3=1;tile=1;kmyd=watch-channel-brand-div;ord=855811289[1].asx not found!
File\Folder C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content(37).IE5\06VXKQY0\e_content;ctb=1;kt=K;u=mtdCHmdhkTE%7C6;afv=1;dc_dedup=1;k2=105;k3=105;k2=613;k4=613;k2=8;k5=105_613_8;as3=1;tile=1;kmyd=watch-channel-brand-div;ord=647817779[1].asx not found!
File\Folder C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content(37).IE5\06VXKQY0\te_content;ctb=1;kt=K;u=T-NOk39BMSA%7C16;afv=1;dc_dedup=1;k2=613;k3=613;k2=8;k4=8;k2=972;k5=613_8_972;as3=1;tile=1;kmyd=watch-channel-brand-div;ord=517165836[1].asx not found!
File\Folder C:\Users\LENOVO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content(37).IE5\06VXKQY0\w;afct=site_content;ctb=1;kt=K;u=mtdCHmdhkTE%7C6;afv=1;dc_dedup=1;;k2=105;k3=105;k2=613;k4=613;k2=8;k5=105_613_8;as3=1;dc_seed=217976775;tile=1;ord=587634473[1].htm not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP00000041A52B479C13FF3372 not found!

Registry entries deleted on Reboot...

Edited by nortan360, 28 August 2011 - 06:47 AM.

[michaelg9]

That's the OTL fix log. Are you sure it froze when trying to run the last OTL fix?

Please download the tools again in a folder on your Desktop named tools and then run the fix above.

[Bismillah]

Yes OTL did freeze.




RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtAddBootEntry, Type: Address change 0x830C4F1E-->9141E202 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateEvent, Type: Address change 0x83021DA7-->914207F0 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateEventPair, Type: Address change 0x830CA5D8-->91420848 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateIoCompletion, Type: Address change 0x82FDB972-->9142095E [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateMutant, Type: Address change 0x8302F80C-->91420746 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateSection, Type: Address change 0x83040DE5-->91420898 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateSemaphore, Type: Address change 0x82FE6D2B-->9142079A [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateTimer, Type: Address change 0x82FC9ACF-->9142090C [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtDeleteBootEntry, Type: Address change 0x830C4F4F-->9141E226 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtLoadDriver, Type: Address change 0x82F7ADEE-->9141DFF0 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtModifyBootEntry, Type: Address change 0x830C511F-->9141E24A [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtNotifyChangeKey, Type: Address change 0x82FCE609-->91420D56 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtNotifyChangeMultipleKeys, Type: Address change 0x82FCDA81-->9141ECDA [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenEvent, Type: Address change 0x83008DCF-->91420820 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenEventPair, Type: Address change 0x830CA707-->91420870 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenIoCompletion, Type: Address change 0x8307C6E9-->91420988 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenMutant, Type: Address change 0x83020B61-->91420772 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenSection, Type: Address change 0x8302066D-->914208D8 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenSemaphore, Type: Address change 0x82FB4EEE-->914207C8 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenTimer, Type: Address change 0x830CA363-->91420936 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtQueryObject, Type: Address change 0x82FF53AB-->9141EBA0 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtSetBootEntryOrder, Type: Address change 0x830C5850-->9141E26E [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtSetBootOptions, Type: Address change 0x830C5D54-->9141E292 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtSetSystemInformation, Type: Address change 0x82FF5EEB-->9141E04A [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtSetSystemPowerState, Type: Address change 0x830E90A1-->9141E186 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtShutdownSystem, Type: Address change 0x830C23F5-->9141E162 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtSystemDebugControl, Type: Address change 0x83007EC1-->9141E1AA [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtVdmControl, Type: Address change 0x830B6F21-->9141E2B6 [C:\Windows\System32\Drivers\aswSnx.SYS]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0xAF7C67C0 [232] C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software, avast! Service)
0xB2728208 [376] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x91A34D90 [560] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0x91A86940 [656] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x81210B88 [696] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x8126CD90 [708] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x812097B8 [740] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x8121FD90 [756] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x812187A8 [764] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x81277020 [840] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x857E0B90 [936] C:\Windows\servicing\TrustedInstaller.exe (Microsoft Corporation, Windows Modules Installer)
0x812FD6E0 [944] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x812FE588 [1028] C:\Windows\System32\DTS.exe (-, Data Transfer Service)
0x81302D90 [1040] C:\Windows\System32\ibmpmsvc.exe (Lenovo, ThinkPad Power Management Service)
0x91A963F8 [1072] C:\Windows\System32\AtService.exe (AuthenTec, Inc., AFSS Service)
0x813944F0 [1120] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x813E5670 [1164] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x85429020 [1180] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)
0x851DC4C8 [1220] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation, Windows Media Player Network Sharing Service Configuration Application)
0x91BABD90 [1268] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x9D1DE9F8 [1328] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x9D1D6D90 [1352] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xAF61C020 [1464] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x813F7D90 [1508] C:\Windows\System32\SLsvc.exe (Microsoft Corporation, Microsoft Software Licensing Service)
0xAF6419F0 [1544] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x854904F0 [1584] C:\Windows\System32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)
0xAF71DD90 [1688] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xAF73AD90 [1900] C:\Windows\System32\wlanext.exe (Microsoft Corporation, Windows Wireless LAN 802.11 Extensibility Framework)
0x8703FD90 [1932] C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo, ThinkVantage Access Connections Service GUI helper Module)
0x8551CD90 [1940] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x8515F3A0 [1952] C:\Windows\System32\SearchProtocolHost.exe (Microsoft Corporation, Microsoft Windows Search Protocol Host)
0xAF6272B0 [2068] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xB27D9500 [2328] C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited, On screen display Fn+Fx handler)
0xB27E5450 [2352] C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo, ThinkVantage Access Connections Profile Manager Service)
0xB2792A48 [2376] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., MobileDeviceService)
0xB27F8D90 [2420] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0xB3264720 [2444] C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation, Intel® PROSet/Wireless Event Log Service)
0x853958E8 [2532] C:\Program Files\DDNI\SBITS\DDNIOEMService.exe (Digital Delivery Networks, Inc., DDNI OEM Service)
0x854E5B70 [2540] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0xB27D5CE8 [2552] C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project, Firebird SQL Server)
0xB2776678 [2600] C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation, PresentationFontCache.exe)
0x87051680 [2744] C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0xB330BB68 [2848] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0xB32FE968 [2884] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0x85440D90 [2976] C:\Windows\System32\TpShocks.exe (Lenovo., ThinkVantage Active Protection System)
0x8704FD58 [3012] C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0xB3329C60 [3128] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xB3329020 [3140] C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo, Power Manager Dynamic Brightness Control Service)
0xB33F8830 [3164] C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation, Intel® PROSet/Wireless Registry Service)
0xB33F4020 [3180] C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp., Microsoft SeaPort Search Enhancement Broker)
0xB38D6858 [3228] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xB38F7510 [3264] C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo, tvttcsd Application)
0xB38D9020 [3300] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x85443D90 [3324] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0xB3904D90 [3336] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0xB3943D90 [3392] C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc., Modem Audio Service)
0xB3937C60 [3424] C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo, ThinkVantage Access Connections Main Service)
0x87055020 [3604] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x813B5D90 [3668] C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project, Firebird SQL Server)
0x8542CD90 [3732] C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net, TortoiseSVN status cache)
0xB3374D90 [3748] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
0x85410770 [3884] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited, Presentation Director Fn+F7 handler)
0x853E3890 [3900] C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo, RegMgr Module)
0x8553E940 [3920] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated, Synaptics TouchPad Enhancements)
0x85326620 [3984] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd., ThinkPad EasyEject Support Application)
0x8550B020 [4104] C:\Windows\System32\igfxpers.exe (Intel Corporation, persistence Module)
0x85405140 [4152] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited, ThinkVantage Productivity Center Manager)
0x85405D90 [4164] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited, ThinkVantage Productivity Center MailChecker)
0x8555ED90 [4172] C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe (-, Message Center Plus Launcher)
0x85408D90 [4180] C:\Windows\System32\rundll32.exe (Microsoft Corporation, Windows host process (Rundll32))
0x85555500 [4208] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited, scheduler_proxy Application)
0x85519D90 [4216] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo, ThinkVantage Access Connections AC Tray Module)
0x85543958 [4232] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo, ThinkVantage Access Connections Wireless LAN Icon Module)
0x854B5460 [4244] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc., Catalyst Control Center: Monitoring program)
0x85542938 [4300] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited, CSS Authentication Provider)
0x8556F258 [4316] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited, ThinkPad FnF6 Resident Module)
0x853EFB68 [4360] C:\Program Files\iTunes2\iTunesHelper.exe (Apple Inc., iTunesHelper)
0x85575468 [4400] C:\Windows\System32\msiexec.exe (Microsoft Corporation, Windows® installer)
0x855AE020 [4548] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc., RealNetworks Scheduler)
0x855DFD90 [4556] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited, Launch Agent Service)
0x853EAC48 [4564] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software, avast! Antivirus)
0x857B8C60 [4576] C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (Lenovo Group Limited, Password Manager)
0x855FD5B8 [4580] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation, Windows Live Messenger)
0x8554F370 [4808] C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited, ThinkVantage Registry Monitor Service)
0x856396E0 [4984] C:\Windows\System32\TPHDEXLG.exe (Lenovo., ThinkVantage Active Protection System - HDD Logger Module)
0x8540B020 [5032] C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe (-, rrpservice Module)
0x85567D90 [5204] C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited, Rescue and Recovery Backup Service)
0xB274F940 [5260] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated, TouchPad Driver Helper Application)
0xB798C6A0 [5412] C:\Windows\System32\SearchFilterHost.exe (Microsoft Corporation, Microsoft Windows Search Filter Host)
0x858606C8 [5432] C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation, Windows Live Communications Platform)
0x85746940 [5436] C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited, ThinkVantage Scheduler)
0x857417F8 [5444] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc., Catalyst Control Centre: Host application)
0x857F5288 [5472] C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc., Adobe® Flash® Player Installer/Uninstaller 10.3 r181)
0x8570F020 [5548] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Incorporated, Synaptics Pointing Device Helper)
0x853801A8 [5844] C:\Users\LENOVO\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Overlord)
0x85780290 [6000] C:\Windows\System32\wuauclt.exe (Microsoft Corporation, Windows Update)
0x84B93C10 [4] System
0x91B31D90 [1436] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )
==============================================
>Drivers
==============================================
0x8D200000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7225344 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x8CC07000 C:\Windows\system32\DRIVERS\atikmdag.sys 5898240 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82E0F000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82E0F000 PnpManager 3907584 bytes
0x82E0F000 RAW 3907584 bytes
0x82E0F000 WMIxWDM 3907584 bytes
0x8DC0F000 C:\Windows\system32\DRIVERS\NETw5v32.sys 3756032 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x94AA0000 Win32k 2113536 bytes
0x94AA0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x88C01000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x88804000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x9100D000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x88A08000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D4000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xB2F0C000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x88B0D000 C:\Windows\System32\Drivers\dump_iaStor.sys 897024 bytes
0x88606000 C:\Windows\system32\DRIVERS\iaStor.sys 897024 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x9110F000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xAEE1B000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8D8E4000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8DA01000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8E409000 C:\Windows\system32\DRIVERS\rdpdr.sys 561152 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x91801000 C:\Windows\System32\Drivers\ATSwpWDF.sys 479232 bytes (AuthenTec, Inc., AuthenTec Swipe Sensor WDF USB Driver)
0x8E510000 C:\Windows\system32\drivers\CHDRT32.sys 479232 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0x88782000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8060F000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9140B000 C:\Windows\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0x8040A000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xAEF22000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x918FC000 C:\Windows\system32\drivers\csc.sys 372736 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x88997000 C:\Windows\system32\DRIVERS\mux.sys 323584 bytes (Intel© Corporation, My WiFi PAN Intermediate Miniport Driver)
0xB2EA1000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x9196E000 C:\Windows\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0x80737000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x91542000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8068E000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80493000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8DB19000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8D1A7000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x805B4000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x918B4000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8893A000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8DA8E000 C:\Windows\system32\DRIVERS\SynTP.sys 241664 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x8D9AD000 C:\Windows\system32\DRIVERS\e1y6032.sys 237568 bytes (Intel Corporation, Intel® Gigabit Network Connection NDIS 6 deserialized driver)
0xB2E28000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88D11000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x915C1000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x8E4CA000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x831C9000 ACPI_HAL 208896 bytes
0x831C9000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8871F000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9158F000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8DAEA000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x80781000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x8E585000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8890F000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8DB78000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xAEEDB000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xB2E79000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88D8A000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E5000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8E5B2000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8DBD9000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x88DC2000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xAEFDA000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x914BC000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x88D5B000 C:\Windows\System32\DRIVERS\Apsx86.sys 131072 bytes (Lenovo., Shockproof Disk Driver)
0xB2E09000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x886E9000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xAEF8F000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x88AF2000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x919DE000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xAEFAC000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8DAC9000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8E5D7000 C:\Windows\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component)
0xB2E61000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x91957000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0xAEE04000 C:\Windows\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0x88761000 C:\Windows\System32\Drivers\DRVMCDB.SYS 94208 bytes (Sonic Solutions, Device Driver)
0x8DBB7000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB2EF0000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x807E7000 C:\Windows\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0x91876000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9150F000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xAEFC5000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x807D2000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x807BE000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9152E000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8D990000 C:\Windows\system32\DRIVERS\atikmpag.sys 77824 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0x8DFC2000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xAEF0F000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9189A000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x88DB1000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8E4FF000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047A000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x88751000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x911CD000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xAEECB000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x807AE000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8DFA4000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8E492000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x88975000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x919CF000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x88D7B000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8070C000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x889E6000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8D1E5000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80728000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8DFB4000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x94CF0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x9188C000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x914F8000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88711000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8DFED000 C:\Windows\system32\drivers\tpm.sys 57344 bytes (Microsoft Corporation, TPM Device Driver)
0x80680000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x919B8000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8DBAA000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8DB6B000 C:\Windows\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0x8E4BD000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xB2FF4000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x914B0000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8D984000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x9147B000 C:\Windows\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0x8DFD5000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8DFE2000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x914ED000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8DBCE000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8DB5A000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x88BE8000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8D9E7000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8071E000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x919C5000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8D9A3000 C:\Windows\system32\DRIVERS\HECI.sys 40960 bytes (Intel Corporation, Intel® Management Engine Interface)
0x88707000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8E4B3000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAEF05000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x918F0000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x88778000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB2FEA000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x88D4A000 C:\Windows\System32\DRIVERS\ApsHM86.sys 36864 bytes (Lenovo., ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver)
0x91525000 C:\Windows\System32\Drivers\aswTdi.SYS 36864 bytes (AVAST Software, avast! TDI Filter Driver)
0x91000000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x88DE3000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x9148A000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x911C4000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x91506000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x94CC0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x88BF3000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x91400000 C:\Windows\system32\DRIVERS\tvtfilter.sys 36864 bytes (Lenovo, Rescue and Recovery filter driver)
0x8DAE1000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806D4000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x886E1000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8048B000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x911E4000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806DD000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x914DD000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x914E5000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8DBA2000 C:\Windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0x88D53000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8E4A9000 C:\Windows\system32\DRIVERS\Tvti2c.sys 32768 bytes (Lenovo (United States) Inc., SMBUS Driver)
0xB2E00000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x9149A000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x915F9000 C:\Windows\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0x911EC000 C:\Windows\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0x911DD000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80403000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x91493000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8E4A2000 C:\Windows\system32\DRIVERS\psadd.sys 28672 bytes (Lenovo (United States) Inc., SMBIOS Driver)
0x8D9F2000 C:\Windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0x918AD000 C:\Windows\System32\drivers\Tppwr32v.sys 28672 bytes (Lenovo Group Limited, Power Manager)
0x914A1000 C:\Windows\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0x8DC07000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8DB65000 C:\Windows\system32\DRIVERS\ManyCam.sys 24576 bytes (ManyCam LLC., ManyCam Virtual Webcam, WDM Video Capture Driver)
0x9158A000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x914A7000 C:\Windows\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component)
0x8DC00000 C:\Windows\system32\DRIVERS\ibmpmdrv.sys 20480 bytes (Lenovo., ThinkPad Power Management Driver)
0x8DFFB000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB2F08000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x919F9000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x8071B000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8DC05000 C:\Windows\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0x919FD000 C:\Windows\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component)
0x918FA000 C:\Windows\system32\DRIVERS\smiif32.sys 8192 bytes (Lenovo Group Limited, SMI Driver for Lenovo system)
0x8E4B1000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8DFE0000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x919FC000 C:\Windows\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x82EB77AA-->82EB77B1 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000ACB4C, Type: Inline - RelativeJump 0x82EBBB4C-->82EBBB5E [ntkrnlpa.exe]
ntkrnlpa.exe+0x000ACB68, Type: Inline - RelativeJump 0x82EBBB68-->82EBBB75 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x830A0DCA-->9198D39C [aswSP.SYS]
ntkrnlpa.exe-->ObInsertObject, Type: Inline - RelativeJump 0x8303F543-->9198A7F2 [aswSP.SYS]
ntkrnlpa.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x82FE662F-->91988D4C [aswSP.SYS]
ntkrnlpa.exe-->TmInitSystem, Type: Inline - RelativeJump 0x831691DF-->831691E9 [ntkrnlpa.exe]
[1028]DTS.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[1028]DTS.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[1028]DTS.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[1028]DTS.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[1028]DTS.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[1028]DTS.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[1028]DTS.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[1028]DTS.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[1028]DTS.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1028]DTS.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[1028]DTS.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[1028]DTS.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[1028]DTS.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[1028]DTS.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[1028]DTS.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[1028]DTS.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[1040]ibmpmsvc.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->000A0C0C [unknown_code_page]
[1040]ibmpmsvc.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->000A0E10 [unknown_code_page]
[1040]ibmpmsvc.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->000A0804 [unknown_code_page]
[1040]ibmpmsvc.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->000A0A08 [unknown_code_page]
[1040]ibmpmsvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000A01F8 [unknown_code_page]
[1040]ibmpmsvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000A03FC [unknown_code_page]
[1040]ibmpmsvc.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->000A0600 [unknown_code_page]
[1040]ibmpmsvc.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->000A1014 [unknown_code_page]
[1040]ibmpmsvc.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1040]ibmpmsvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000801F8 [unknown_code_page]
[1040]ibmpmsvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000803FC [unknown_code_page]
[1040]ibmpmsvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->000B0600 [unknown_code_page]
[1040]ibmpmsvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->000B0804 [unknown_code_page]
[1040]ibmpmsvc.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000B01F8 [unknown_code_page]
[1040]ibmpmsvc.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->000B0A08 [unknown_code_page]
[1040]ibmpmsvc.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000B03FC [unknown_code_page]
[1072]AtService.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[1072]AtService.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[1072]AtService.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[1072]AtService.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[1072]AtService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[1072]AtService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[1072]AtService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[1072]AtService.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[1072]AtService.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1072]AtService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[1072]AtService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[1072]AtService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[1072]AtService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[1072]AtService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[1072]AtService.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[1072]AtService.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1120]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1120]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1120]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->001D0600 [unknown_code_page]
[1120]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->001D0804 [unknown_code_page]
[1120]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001D01F8 [unknown_code_page]
[1120]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->001D0A08 [unknown_code_page]
[1120]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001D03FC [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00080C0C [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00080E10 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00080804 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00080A08 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000801F8 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000803FC [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00080600 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00081014 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1164]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1164]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1164]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00230600 [unknown_code_page]
[1164]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00230804 [unknown_code_page]
[1164]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->002301F8 [unknown_code_page]
[1164]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00230A08 [unknown_code_page]
[1164]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->002303FC [unknown_code_page]
[1180]wmpnetwk.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00060C0C [unknown_code_page]
[1180]wmpnetwk.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00060E10 [unknown_code_page]
[1180]wmpnetwk.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00060804 [unknown_code_page]
[1180]wmpnetwk.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00060A08 [unknown_code_page]
[1180]wmpnetwk.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000601F8 [unknown_code_page]
[1180]wmpnetwk.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000603FC [unknown_code_page]
[1180]wmpnetwk.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00060600 [unknown_code_page]
[1180]wmpnetwk.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00061014 [unknown_code_page]
[1180]wmpnetwk.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1180]wmpnetwk.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000401F8 [unknown_code_page]
[1180]wmpnetwk.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000403FC [unknown_code_page]
[1180]wmpnetwk.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00070600 [unknown_code_page]
[1180]wmpnetwk.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00070804 [unknown_code_page]
[1180]wmpnetwk.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000701F8 [unknown_code_page]
[1180]wmpnetwk.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00070A08 [unknown_code_page]
[1180]wmpnetwk.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000703FC [unknown_code_page]
[1220]wmpnscfg.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->000C0C0C [unknown_code_page]
[1220]wmpnscfg.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->000C0E10 [unknown_code_page]
[1220]wmpnscfg.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->000C0804 [unknown_code_page]
[1220]wmpnscfg.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->000C0A08 [unknown_code_page]
[1220]wmpnscfg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000C01F8 [unknown_code_page]
[1220]wmpnscfg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000C03FC [unknown_code_page]
[1220]wmpnscfg.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->000C0600 [unknown_code_page]
[1220]wmpnscfg.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->000C1014 [unknown_code_page]
[1220]wmpnscfg.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1220]wmpnscfg.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000901F8 [unknown_code_page]
[1220]wmpnscfg.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000903FC [unknown_code_page]
[1220]wmpnscfg.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->000D0600 [unknown_code_page]
[1220]wmpnscfg.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->000D0804 [unknown_code_page]
[1220]wmpnscfg.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000D01F8 [unknown_code_page]
[1220]wmpnscfg.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->000D0A08 [unknown_code_page]
[1220]wmpnscfg.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000D03FC [unknown_code_page]
[1268]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[1268]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[1268]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[1268]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[1268]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[1268]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[1268]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[1268]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[1268]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1268]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1268]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1268]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00280600 [unknown_code_page]
[1268]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00280804 [unknown_code_page]
[1268]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->002801F8 [unknown_code_page]
[1268]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00280A08 [unknown_code_page]
[1268]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->002803FC [unknown_code_page]
[1328]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00080C0C [unknown_code_page]
[1328]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00080E10 [unknown_code_page]
[1328]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00080804 [unknown_code_page]
[1328]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00080A08 [unknown_code_page]
[1328]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000801F8 [unknown_code_page]
[1328]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000803FC [unknown_code_page]
[1328]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00080600 [unknown_code_page]
[1328]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00081014 [unknown_code_page]
[1328]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1328]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1328]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1328]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00E20600 [unknown_code_page]
[1328]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00E20804 [unknown_code_page]
[1328]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->00E201F8 [unknown_code_page]
[1328]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00E20A08 [unknown_code_page]
[1328]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->00E203FC [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->000B0C0C [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->000B0E10 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->000B0804 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->000B0A08 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000B01F8 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000B03FC [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->000B0600 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->000B1014 [unknown_code_page]
[1352]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1352]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1352]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1352]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00910600 [unknown_code_page]
[1352]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00910804 [unknown_code_page]
[1352]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->009101F8 [unknown_code_page]
[1352]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00910A08 [unknown_code_page]
[1352]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->009103FC [unknown_code_page]
[1464]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[1464]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[1464]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[1464]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[1464]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[1464]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[1464]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[1464]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[1464]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1464]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1464]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1544]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1544]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1544]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00CC0600 [unknown_code_page]
[1544]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00CC0804 [unknown_code_page]
[1544]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->00CC01F8 [unknown_code_page]
[1544]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00CC0A08 [unknown_code_page]
[1544]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->00CC03FC [unknown_code_page]
[1584]igfxsrvc.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[1584]igfxsrvc.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[1584]igfxsrvc.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[1584]igfxsrvc.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[1584]igfxsrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[1584]igfxsrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[1584]igfxsrvc.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[1584]igfxsrvc.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[1584]igfxsrvc.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1584]igfxsrvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[1584]igfxsrvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[1584]igfxsrvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[1584]igfxsrvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[1584]igfxsrvc.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[1584]igfxsrvc.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[1584]igfxsrvc.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[1688]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[1688]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[1688]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[1688]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[1688]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[1688]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[1688]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[1688]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[1688]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1688]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1688]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1688]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00180600 [unknown_code_page]
[1688]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00180804 [unknown_code_page]
[1688]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001801F8 [unknown_code_page]
[1688]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00180A08 [unknown_code_page]
[1688]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001803FC [unknown_code_page]
[1900]wlanext.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[1900]wlanext.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[1900]wlanext.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[1900]wlanext.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[1900]wlanext.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[1900]wlanext.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[1900]wlanext.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[1900]wlanext.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[1900]wlanext.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1900]wlanext.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1900]wlanext.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1900]wlanext.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[1900]wlanext.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[1900]wlanext.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[1900]wlanext.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[1900]wlanext.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[1932]SvcGuiHlpr.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00340C0C [unknown_code_page]
[1932]SvcGuiHlpr.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00340E10 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00340804 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00340A08 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->003401F8 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->003403FC [unknown_code_page]
[1932]SvcGuiHlpr.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00340600 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00341014 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1932]SvcGuiHlpr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[1932]SvcGuiHlpr.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00350600 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00350804 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->003501F8 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00350A08 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->003503FC [unknown_code_page]
[1940]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00060C0C [unknown_code_page]
[1940]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00060E10 [unknown_code_page]
[1940]iexplore.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00060804 [unknown_code_page]
[1940]iexplore.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00060A08 [unknown_code_page]
[1940]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000601F8 [unknown_code_page]
[1940]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000603FC [unknown_code_page]
[1940]iexplore.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00060600 [unknown_code_page]
[1940]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->694182F6 [IEShims.dll]
[1940]iexplore.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00061014 [unknown_code_page]
[1940]iexplore.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x73C01288-->694182F6 [IEShims.dll]
[1940]iexplore.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61130-->6941E1E9 [IEShims.dll]
[1940]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B6119C-->6941E860 [IEShims.dll]
[1940]iexplore.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B611BC-->6941EE46 [IEShims.dll]
[1940]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->694182F6 [IEShims.dll]
[1940]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->6941FBE1 [IEShims.dll]
[1940]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->6942007C [IEShims.dll]
[1940]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->6941FD66 [IEShims.dll]
[1940]iexplore.exe-->gdi32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77B611AC-->69421AEC [IEShims.dll]
[1940]iexplore.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1940]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->694182F6 [IEShims.dll]
[1940]iexplore.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000401F8 [unknown_code_page]
[1940]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000403FC [unknown_code_page]
[1940]iexplore.exe-->shell32.dll+0x000889A8, Type: Code Mismatch 0x76A089A8 + 559528 [4D 30 43 69]
[1940]iexplore.exe-->shell32.dll+0x000889B0, Type: Code Mismatch 0x76A089B0 + 559536 [57 2F 43 69 9C 5B 42 69]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x768E125C-->6941E1E9 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateDirectoryW, Type: IAT modification 0x768E13B0-->6942103D [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x768E1460-->6941E860 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateHardLinkW, Type: IAT modification 0x768E11A4-->6941EB68 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x768E12E8-->6941A3FB [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x768E13B4-->6941EE46 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x768E132C-->69423ADC [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x768E1328-->69423035 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x768E1114-->69422999 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetBinaryTypeW, Type: IAT modification 0x768E1280-->6941CAA7 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesA, Type: IAT modification 0x768E1370-->6941BD77 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesExW, Type: IAT modification 0x768E14A4-->6941C368 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x768E13BC-->6941BEA2 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetLongPathNameW, Type: IAT modification 0x768E14EC-->6941C5D8 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileIntW, Type: IAT modification 0x768E1390-->6941CD20 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionNamesW, Type: IAT modification 0x768E1164-->6941D22A [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionW, Type: IAT modification 0x768E1100-->6941CFA8 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x768E13A0-->6941D4B8 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameA, Type: IAT modification 0x768E136C-->6941C709 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameW, Type: IAT modification 0x768E1428-->6941C848 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->6941FBE1 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->6942007C [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->6941FD66 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x768E13C0-->694209B9 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x768E130C-->69420994 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->RemoveDirectoryW, Type: IAT modification 0x768E13AC-->69421614 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->ReplaceFileW, Type: IAT modification 0x768E1140-->69420C95 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x768E1384-->69421AEC [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x768E124C-->69421D56 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x768E13B8-->6941C0FB [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileSectionW, Type: IAT modification 0x768E1168-->6941D9DA [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x768E116C-->6941DC5C [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->ntdll.dll-->NtQueryDirectoryFile, Type: IAT modification 0x768E2320-->6941BB38 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->user32.dll-->LoadImageW, Type: IAT modification 0x768E1890-->6941F0D0 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->user32.dll-->PrivateExtractIconsW, Type: IAT modification 0x768E1A6C-->6941F5C5 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->user32.dll-->WinHelpW, Type: IAT modification 0x768E191C-->6941FAAA [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x77D5154C-->6942ED95 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->6942E5C5 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->advapi32.dll-->RegDeleteKeyW, Type: IAT modification 0x77D51544-->6942EF31 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->advapi32.dll-->RegEnumValueW, Type: IAT modification 0x77D51524-->6943051D [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->6942EB3D [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryInfoKeyW, Type: IAT modification 0x77D51520-->6942FBB3 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x77D5152C-->6942F817 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x77828E3B-->6A08D0C5 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->CreateDialogIndirectParamA, Type: Inline - RelativeJump 0x778426F1-->6A195F9A [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->CreateDialogIndirectParamW, Type: Inline - RelativeJump 0x77849A62-->6A195FD1 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x778417AA-->6A195F63 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x778272A2-->6A09DE88 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x77831305-->6A09DAFC [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7786847D-->6A19535A [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x77852EF5-->6A1952F7 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x77868152-->6A195294 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x778510B0-->69FC54D5 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->EnableWindow, Type: Inline - RelativeJump 0x7782CD8B-->6A09DD15 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->EndDialog, Type: Inline - RelativeJump 0x7785326E-->69FC7E8E [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - RelativeJump 0x7782863C-->69FB8F0F [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->GetKeyState, Type: Inline - RelativeJump 0x77838CB1-->6A09D2C5 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->IsDialogMessage, Type: Inline - RelativeJump 0x77841847-->6A1957FF [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->IsDialogMessageW, Type: Inline - RelativeJump 0x77840745-->69FC59E7 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->6941E1E9 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->6941E860 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->6941A3FB [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->6941EE46 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x77D511E4-->69423ADC [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77D511EC-->69423035 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77D511E8-->69422999 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x77D51328-->6941D4B8 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->694182F6 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->6941FBE1 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->6942007C [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->6941FD66 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->69420994 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77D51154-->69421AEC [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x77D511D8-->69421D56 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x77D512BC-->6941DC5C [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->keybd_event, Type: Inline - RelativeJump 0x7787D972-->6A196AAF [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7787D639-->6A19515C [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7787D65D-->6A1950FA [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7787D4D9-->6A195229 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7787D5D3-->6A1951BE [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump 0x77852F75-->6A19672B [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->SetCursorPos, Type: Inline - RelativeJump 0x77866FB2-->6A19677F [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->SetKeyboardState, Type: Inline - RelativeJump 0x77850987-->6A195B6E [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00070600 [unknown_code_page]
[1940]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->6A099A89 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000701F8 [unknown_code_page]
[1940]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->6A00467E [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000703FC [unknown_code_page]
[1940]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->694182F6 [IEShims.dll]
[1940]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->694182F6 [IEShims.dll]
[1952]SearchProtocolHost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00060C0C [unknown_code_page]
[1952]SearchProtocolHost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00060E10 [unknown_code_page]
[1952]SearchProtocolHost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00060804 [unknown_code_page]
[1952]SearchProtocolHost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00060A08 [unknown_code_page]
[1952]SearchProtocolHost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000601F8 [unknown_code_page]
[1952]SearchProtocolHost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000603FC [unknown_code_page]
[1952]SearchProtocolHost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00060600 [unknown_code_page]
[1952]SearchProtocolHost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00061014 [unknown_code_page]
[1952]SearchProtocolHost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1952]SearchProtocolHost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000401F8 [unknown_code_page]
[1952]SearchProtocolHost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000403FC [unknown_code_page]
[1952]SearchProtocolHost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00070600 [unknown_code_page]
[1952]SearchProtocolHost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00070804 [unknown_code_page]
[1952]SearchProtocolHost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000701F8 [unknown_code_page]
[1952]SearchProtocolHost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00070A08 [unknown_code_page]
[1952]SearchProtocolHost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000703FC [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->000B0C0C [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->000B0E10 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->000B0804 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->000B0A08 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000B01F8 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000B03FC [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->000B0600 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->000B1014 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2068]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000901F8 [unknown_code_page]
[2068]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000903FC [unknown_code_page]
[2068]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->000F0600 [unknown_code_page]
[2068]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->000F0804 [unknown_code_page]
[2068]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000F01F8 [unknown_code_page]
[2068]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->000F0A08 [unknown_code_page]
[2068]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000F03FC [unknown_code_page]
[2292]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00060C0C [unknown_code_page]
[2292]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00060E10 [unknown_code_page]
[2292]iexplore.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00060804 [unknown_code_page]
[2292]iexplore.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00060A08 [unknown_code_page]
[2292]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000601F8 [unknown_code_page]
[2292]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000603FC [unknown_code_page]
[2292]iexplore.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00060600 [unknown_code_page]
[2292]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->694182F6 [IEShims.dll]
[2292]iexplore.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00061014 [unknown_code_page]
[2292]iexplore.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x73C01288-->694182F6 [IEShims.dll]
[2292]iexplore.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61130-->6941E1E9 [IEShims.dll]
[2292]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B6119C-->6941E860 [IEShims.dll]
[2292]iexplore.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B611BC-->6941EE46 [IEShims.dll]
[2292]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->694182F6 [IEShims.dll]
[2292]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->6941FBE1 [IEShims.dll]
[2292]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->6942007C [IEShims.dll]
[2292]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->6941FD66 [IEShims.dll]
[2292]iexplore.exe-->gdi32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77B611AC-->69421AEC [IEShims.dll]
[2292]iexplore.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2292]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->694182F6 [IEShims.dll]
[2292]iexplore.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000401F8 [unknown_code_page]
[2292]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000403FC [unknown_code_page]
[2292]iexplore.exe-->shell32.dll+0x000889A8, Type: Code Mismatch 0x76A089A8 + 559528 [4D 30 43 69]
[2292]iexplore.exe-->shell32.dll+0x000889B0, Type: Code Mismatch 0x76A089B0 + 559536 [57 2F 43 69 9C 5B 42 69]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x768E125C-->6941E1E9 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateDirectoryW, Type: IAT modification 0x768E13B0-->6942103D [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x768E1460-->6941E860 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateHardLinkW, Type: IAT modification 0x768E11A4-->6941EB68 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x768E12E8-->6941A3FB [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x768E13B4-->6941EE46 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x768E132C-->69423ADC [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x768E1328-->69423035 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x768E1114-->69422999 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetBinaryTypeW, Type: IAT modification 0x768E1280-->6941CAA7 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesA, Type: IAT modification 0x768E1370-->6941BD77 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesExW, Type: IAT modification 0x768E14A4-->6941C368 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x768E13BC-->6941BEA2 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetLongPathNameW, Type: IAT modification 0x768E14EC-->6941C5D8 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileIntW, Type: IAT modification 0x768E1390-->6941CD20 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionNamesW, Type: IAT modification 0x768E1164-->6941D22A [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionW, Type: IAT modification 0x768E1100-->6941CFA8 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x768E13A0-->6941D4B8 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameA, Type: IAT modification 0x768E136C-->6941C709 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameW, Type: IAT modification 0x768E1428-->6941C848 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->6941FBE1 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->6942007C [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->6941FD66 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x768E13C0-->694209B9 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x768E130C-->69420994 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->RemoveDirectoryW, Type: IAT modification 0x768E13AC-->69421614 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->ReplaceFileW, Type: IAT modification 0x768E1140-->69420C95 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x768E1384-->69421AEC [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x768E124C-->69421D56 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x768E13B8-->6941C0FB [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileSectionW, Type: IAT modification 0x768E1168-->6941D9DA [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x768E116C-->6941DC5C [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->ntdll.dll-->NtQueryDirectoryFile, Type: IAT modification 0x768E2320-->6941BB38 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->user32.dll-->LoadImageW, Type: IAT modification 0x768E1890-->6941F0D0 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->user32.dll-->PrivateExtractIconsW, Type: IAT modification 0x768E1A6C-->6941F5C5 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->user32.dll-->WinHelpW, Type: IAT modification 0x768E191C-->6941FAAA [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x77D5154C-->6942ED95 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->6942E5C5 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->advapi32.dll-->RegDeleteKeyW, Type: IAT modification 0x77D51544-->6942EF31 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->advapi32.dll-->RegEnumValueW, Type: IAT modification 0x77D51524-->6943051D [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->6942EB3D [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryInfoKeyW, Type: IAT modification 0x77D51520-->6942FBB3 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x77D5152C-->6942F817 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x77828E3B-->6A08D0C5 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->CreateDialogIndirectParamA, Type: Inline - RelativeJump 0x778426F1-->6A195F9A [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->CreateDialogIndirectParamW, Type: Inline - RelativeJump 0x77849A62-->6A195FD1 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x778417AA-->6A195F63 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x778272A2-->6A09DE88 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x77831305-->6A09DAFC [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7786847D-->6A19535A [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x77852EF5-->6A1952F7 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x77868152-->6A195294 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x778510B0-->69FC54D5 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->EnableWindow, Type: Inline - RelativeJump 0x7782CD8B-->6A09DD15 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->EndDialog, Type: Inline - RelativeJump 0x7785326E-->69FC7E8E [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - RelativeJump 0x7782863C-->69FB8F0F [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->GetKeyState, Type: Inline - RelativeJump 0x77838CB1-->6A09D2C5 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->IsDialogMessage, Type: Inline - RelativeJump 0x77841847-->6A1957FF [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->IsDialogMessageW, Type: Inline - RelativeJump 0x77840745-->69FC59E7 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->6941E1E9 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->6941E860 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->6941A3FB [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->6941EE46 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x77D511E4-->69423ADC [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77D511EC-->69423035 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77D511E8-->69422999 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x77D51328-->6941D4B8 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->694182F6 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->6941FBE1 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->6942007C [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->6941FD66 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->69420994 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77D51154-->69421AEC [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x77D511D8-->69421D56 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x77D512BC-->6941DC5C [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->keybd_event, Type: Inline - RelativeJump 0x7787D972-->6A196AAF [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7787D639-->6A19515C [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7787D65D-->6A1950FA [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7787D4D9-->6A195229 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7787D5D3-->6A1951BE [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump 0x77852F75-->6A19672B [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->SetCursorPos, Type: Inline - RelativeJump 0x77866FB2-->6A19677F [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->SetKeyboardState, Type: Inline - RelativeJump 0x77850987-->6A195B6E [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00070600 [unknown_code_page]
[2292]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->6A099A89 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000701F8 [unknown_code_page]
[2292]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->6A00467E [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000703FC [unknown_code_page]
[2292]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->694182F6 [IEShims.dll]
[2292]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->694182F6 [IEShims.dll]
[2328]TPHKSVC.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[2328]TPHKSVC.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[2328]TPHKSVC.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[2328]TPHKSVC.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[2328]TPHKSVC.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[2328]TPHKSVC.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[2328]TPHKSVC.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[2328]TPHKSVC.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[2328]TPHKSVC.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2328]TPHKSVC.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[2328]TPHKSVC.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[2328]TPHKSVC.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00180600 [unknown_code_page]
[2328]TPHKSVC.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00180804 [unknown_code_page]
[2328]TPHKSVC.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001801F8 [unknown_code_page]
[2328]TPHKSVC.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00180A08 [unknown_code_page]
[2328]TPHKSVC.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001803FC [unknown_code_page]
[232]AvastSvc.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[232]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x765EA8C5-->EC900004 [unknown_code_page]
[232]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Code Mismatch 0x765EA8C5 + 3 [90]
[2352]AcPrfMgrSvc.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->001C0C0C [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->001C0E10 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->001C0804 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->001C0A08 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001C01F8 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001C03FC [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->001C0600 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->001C1014 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2352]AcPrfMgrSvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->001D0600 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->001D0804 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001D01F8 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->001D0A08 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001D03FC [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2376]AppleMobileDeviceService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[2420]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[2420]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[2420]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[2420]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[2420]mDNSResponder.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[2420]mDNSResponder.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[2420]mDNSResponder.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[2420]mDNSResponder.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[2420]mDNSResponder.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2420]mDNSResponder.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[2420]mDNSResponder.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[2420]mDNSResponder.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[2420]mDNSResponder.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[2420]mDNSResponder.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[2420]mDNSResponder.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[2420]mDNSResponder.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[2444]EvtEng.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00C00C0C [unknown_code_page]
[2444]EvtEng.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00C00E10 [unknown_code_page]
[2444]EvtEng.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00C00804 [unknown_code_page]
[2444]EvtEng.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00C00A08 [unknown_code_page]
[2444]EvtEng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->00C001F8 [unknown_code_page]
[2444]EvtEng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->00C003FC [unknown_code_page]
[2444]EvtEng.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00C00600 [unknown_code_page]
[2444]EvtEng.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00C01014 [unknown_code_page]
[2444]EvtEng.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2444]EvtEng.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[2444]EvtEng.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[2444]EvtEng.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00C10600 [unknown_code_page]
[2444]EvtEng.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00C10804 [unknown_code_page]
[2444]EvtEng.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->00C101F8 [unknown_code_page]
[2444]EvtEng.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00C10A08 [unknown_code_page]
[2444]EvtEng.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->00C103FC [unknown_code_page]
[2532]DDNIOEMService.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00190C0C [unknown_code_page]
[2532]DDNIOEMService.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00190E10 [unknown_code_page]
[2532]DDNIOEMService.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00190804 [unknown_code_page]
[2532]DDNIOEMService.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00190A08 [unknown_code_page]
[2532]DDNIOEMService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001901F8 [unknown_code_page]
[2532]DDNIOEMService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001903FC [unknown_code_page]
[2532]DDNIOEMService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00190600 [unknown_code_page]
[2532]DDNIOEMService.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00191014 [unknown_code_page]
[2532]DDNIOEMService.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2532]DDNIOEMService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[2532]DDNIOEMService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[2532]DDNIOEMService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00180600 [unknown_code_page]
[2532]DDNIOEMService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00180804 [unknown_code_page]
[2532]DDNIOEMService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001801F8 [unknown_code_page]
[2532]DDNIOEMService.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00180A08 [unknown_code_page]
[2532]DDNIOEMService.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001803FC [unknown_code_page]
[2540]iPodService.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[2540]iPodService.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[2540]iPodService.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[2540]iPodService.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[2540]iPodService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[2540]iPodService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[2540]iPodService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[2540]iPodService.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[2540]iPodService.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2540]iPodService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[2540]iPodService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[2540]iPodService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[2540]iPodService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[2540]iPodService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[2540]iPodService.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[2540]iPodService.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[2552]fbguard.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00190C0C [unknown_code_page]
[2552]fbguard.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00190E10 [unknown_code_page]
[2552]fbguard.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00190804 [unknown_code_page]
[2552]fbguard.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00190A08 [unknown_code_page]
[2552]fbguard.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001901F8 [unknown_code_page]
[2552]fbguard.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001903FC [unknown_code_page]
[2552]fbguard.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00190600 [unknown_code_page]
[2552]fbguard.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00191014 [unknown_code_page]
[2552]fbguard.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2552]fbguard.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[2552]fbguard.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[2552]fbguard.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->001A0600 [unknown_code_page]
[2552]fbguard.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->001A0804 [unknown_code_page]
[2552]fbguard.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001A01F8 [unknown_code_page]
[2552]fbguard.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->001A0A08 [unknown_code_page]
[2552]fbguard.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001A03FC [unknown_code_page]
[2600]PresentationFontCache.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2744]Ati2evxx.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[2744]Ati2evxx.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[2744]Ati2evxx.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[2744]Ati2evxx.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[2744]Ati2evxx.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[2744]Ati2evxx.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[2744]Ati2evxx.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[2744]Ati2evxx.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[2744]Ati2evxx.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2744]Ati2evxx.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[2744]Ati2evxx.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[2744]Ati2evxx.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00160600 [unknown_code_page]
[2744]Ati2evxx.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00160804 [unknown_code_page]
[2744]Ati2evxx.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001601F8 [unknown_code_page]
[2744]Ati2evxx.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00160A08 [unknown_code_page]
[2744]Ati2evxx.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001603FC [unknown_code_page]
[2848]dwm.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[2848]dwm.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[2848]dwm.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[2848]dwm.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[2848]dwm.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[2848]dwm.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[2848]dwm.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[2848]dwm.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[2848]dwm.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2848]dwm.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[2848]dwm.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[2848]dwm.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[2848]dwm.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[2848]dwm.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[2848]dwm.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[2848]dwm.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[2884]explorer.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[2884]explorer.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[2884]explorer.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[2884]explorer.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[2884]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[2884]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[2884]explorer.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[2884]explorer.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[2884]explorer.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2884]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[2884]explorer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[2884]explorer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[2884]explorer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[2884]explorer.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[2884]explorer.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[2884]explorer.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[2976]TpShocks.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[2976]TpShocks.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[2976]TpShocks.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[2976]TpShocks.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[2976]TpShocks.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[2976]TpShocks.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[2976]TpShocks.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[2976]TpShocks.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[2976]TpShocks.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2976]TpShocks.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[2976]TpShocks.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[2976]TpShocks.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00190600 [unknown_code_page]
[2976]TpShocks.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00190804 [unknown_code_page]
[2976]TpShocks.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001901F8 [unknown_code_page]
[2976]TpShocks.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00190A08 [unknown_code_page]
[2976]TpShocks.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001903FC [unknown_code_page]
[3012]Ati2evxx.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[3012]Ati2evxx.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[3012]Ati2evxx.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[3012]Ati2evxx.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[3012]Ati2evxx.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[3012]Ati2evxx.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[3012]Ati2evxx.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[3012]Ati2evxx.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[3012]Ati2evxx.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3012]Ati2evxx.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[3012]Ati2evxx.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[3012]Ati2evxx.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00160600 [unknown_code_page]
[3012]Ati2evxx.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00160804 [unknown_code_page]
[3012]Ati2evxx.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001601F8 [unknown_code_page]
[3012]Ati2evxx.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00160A08 [unknown_code_page]
[3012]Ati2evxx.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001603FC [unknown_code_page]
[3128]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[3128]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[3128]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[3128]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[3128]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[3128]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[3128]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[3128]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[3128]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3128]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[3128]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[3128]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->000C0600 [unknown_code_page]
[3128]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->000C0804 [unknown_code_page]
[3128]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000C01F8 [unknown_code_page]
[3128]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->000C0A08 [unknown_code_page]
[3128]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000C03FC [unknown_code_page]
[3140]PWMDBSVC.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[3140]PWMDBSVC.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[3140]PWMDBSVC.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[3140]PWMDBSVC.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[3140]PWMDBSVC.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[3140]PWMDBSVC.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[3140]PWMDBSVC.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[3140]PWMDBSVC.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[3140]PWMDBSVC.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3140]PWMDBSVC.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[3140]PWMDBSVC.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[3140]PWMDBSVC.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[3140]PWMDBSVC.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[3140]PWMDBSVC.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[3140]PWMDBSVC.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[3140]PWMDBSVC.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[3164]RegSrvc.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[3164]RegSrvc.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[3164]RegSrvc.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[3164]RegSrvc.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[3164]RegSrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[3164]RegSrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[3164]RegSrvc.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[3164]RegSrvc.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[3164]RegSrvc.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3164]RegSrvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[3164]RegSrvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[3164]RegSrvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00180600 [unknown_code_page]
[3164]RegSrvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00180804 [unknown_code_page]
[3164]RegSrvc.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001801F8 [unknown_code_page]
[3164]RegSrvc.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00180A08 [unknown_code_page]
[3164]RegSrvc.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001803FC [unknown_code_page]
[3180]SeaPort.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[3180]SeaPort.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[3180]SeaPort.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[3180]SeaPort.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[3180]SeaPort.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[3180]SeaPort.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[3180]SeaPort.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[3180]SeaPort.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[3180]SeaPort.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3180]SeaPort.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[3180]SeaPort.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[3180]SeaPort.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[3180]SeaPort.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[3180]SeaPort.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[3180]SeaPort.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[3180]SeaPort.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[3228]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[3228]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[3228]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[3228]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[3228]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[3228]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[3228]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[3228]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[3228]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3228]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[3228]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[3264]tvttcsd.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[3264]tvttcsd.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[3264]tvttcsd.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[3264]tvttcsd.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[3264]tvttcsd.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[3264]tvttcsd.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[3264]tvttcsd.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[3264]tvttcsd.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[3264]tvttcsd.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3264]tvttcsd.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[3264]tvttcsd.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[3264]tvttcsd.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->001A0600 [unknown_code_page]
[3264]tvttcsd.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->001A0804 [unknown_code_page]
[3264]tvttcsd.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001A01F8 [unknown_code_page]
[3264]tvttcsd.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->001A0A08 [unknown_code_page]
[3264]tvttcsd.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001A03FC [unknown_code_page]
[3300]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[3300]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[3300]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[3300]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[3300]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[3300]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[3300]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[3300]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[3300]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3300]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[3300]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[3324]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00060C0C [unknown_code_page]
[3324]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00060E10 [unknown_code_page]
[3324]iexplore.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00060804 [unknown_code_page]
[3324]iexplore.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00060A08 [unknown_code_page]
[3324]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000601F8 [unknown_code_page]
[3324]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000603FC [unknown_code_page]
[3324]iexplore.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00060600 [unknown_code_page]
[3324]iexplore.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00061014 [unknown_code_page]
[3324]iexplore.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3324]iexplore.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000401F8 [unknown_code_page]
[3324]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000403FC [unknown_code_page]
[3324]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x77831305-->6A09DAFC [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7786847D-->6A19535A [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x77852EF5-->6A1952F7 [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x77868152-->6A195294 [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x778510B0-->69FC54D5 [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7787D639-->6A19515C [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7787D65D-->6A1950FA [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7787D4D9-->6A195229 [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7787D5D3-->6A1951BE [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00070600 [unknown_code_page]
[3324]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00070804 [unknown_code_page]
[3324]iexplore.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000701F8 [unknown_code_page]
[3324]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00070A08 [unknown_code_page]
[3324]iexplore.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000703FC [unknown_code_page]
[3336]SearchIndexer.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[3336]SearchIndexer.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[3336]SearchIndexer.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[3336]SearchIndexer.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[3336]SearchIndexer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[3336]SearchIndexer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[3336]SearchIndexer.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[3336]SearchIndexer.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[3336]SearchIndexer.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3336]SearchIndexer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[3336]SearchIndexer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[3336]SearchIndexer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[3336]SearchIndexer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[3336]SearchIndexer.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[3336]SearchIndexer.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[3336]SearchIndexer.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[3392]XAudio.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[3392]XAudio.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[3392]XAudio.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[3392]XAudio.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[3392]XAudio.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[3392]XAudio.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[3392]XAudio.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[3392]XAudio.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[3392]XAudio.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3392]XAudio.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[3392]XAudio.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[3392]XAudio.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00180600 [unknown_code_page]
[3392]XAudio.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00180804 [unknown_code_page]
[3392]XAudio.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001801F8 [unknown_code_page]
[3392]XAudio.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00180A08 [unknown_code_page]
[3392]XAudio.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001803FC [unknown_code_page]
[3424]AcSvc.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00330C0C [unknown_code_page]
[3424]AcSvc.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00330E10 [unknown_code_page]
[3424]AcSvc.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00330804 [unknown_code_page]
[3424]AcSvc.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00330A08 [unknown_code_page]
[3424]AcSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->003301F8 [unknown_code_page]
[3424]AcSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->003303FC [unknown_code_page]
[3424]AcSvc.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00330600 [unknown_code_page]
[3424]AcSvc.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00331014 [unknown_code_page]
[3424]AcSvc.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3424]AcSvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[3424]AcSvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[3424]AcSvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00340600 [unknown_code_page]
[3424]AcSvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00340804 [unknown_code_page]
[3424]AcSvc.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->003401F8 [unknown_code_page]
[3424]AcSvc.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00340A08 [unknown_code_page]
[3424]AcSvc.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->003403FC [unknown_code_page]
[3604]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[3604]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[3604]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[3604]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[3604]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[3604]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[3604]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[3604]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[3604]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3604]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[3604]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[3668]fbserver.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00280C0C [unknown_code_page]
[3668]fbserver.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00280E10 [unknown_code_page]
[3668]fbserver.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00280804 [unknown_code_page]
[3668]fbserver.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00280A08 [unknown_code_page]
[3668]fbserver.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->002801F8 [unknown_code_page]
[3668]fbserver.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->002803FC [unknown_code_page]
[3668]fbserver.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00280600 [unknown_code_page]
[3668]fbserver.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00281014 [unknown_code_page]
[3668]fbserver.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3668]fbserver.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->002501F8 [unknown_code_page]
[3668]fbserver.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->002503FC [unknown_code_page]
[3668]fbserver.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00290600 [unknown_code_page]
[3668]fbserver.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00290804 [unknown_code_page]
[3668]fbserver.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->002901F8 [unknown_code_page]
[3668]fbserver.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00290A08 [unknown_code_page]
[3668]fbserver.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->002903FC [unknown_code_page]
[3732]TSVNCache.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->001A0C0C [unknown_code_page]
[3732]TSVNCache.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->001A0E10 [unknown_code_page]
[3732]TSVNCache.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->001A0804 [unknown_code_page]
[3732]TSVNCache.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->001A0A08 [unknown_code_page]
[3732]TSVNCache.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001A01F8 [unknown_code_page]
[3732]TSVNCache.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001A03FC [unknown_code_page]
[3732]TSVNCache.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->001A0600 [unknown_code_page]
[3732]TSVNCache.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->001A1014 [unknown_code_page]
[3732]TSVNCache.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3732]TSVNCache.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[3732]TSVNCache.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[3732]TSVNCache.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->001B0600 [unknown_code_page]
[3732]TSVNCache.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->001B0804 [unknown_code_page]
[3732]TSVNCache.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001B01F8 [unknown_code_page]
[3732]TSVNCache.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->001B0A08 [unknown_code_page]
[3732]TSVNCache.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001B03FC [unknown_code_page]
[3748]WmiPrvSE.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00080C0C [unknown_code_page]
[3748]WmiPrvSE.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00080E10 [unknown_code_page]
[3748]WmiPrvSE.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00080804 [unknown_code_page]
[3748]WmiPrvSE.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00080A08 [unknown_code_page]
[3748]WmiPrvSE.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000801F8 [unknown_code_page]
[3748]WmiPrvSE.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000803FC [unknown_code_page]
[3748]WmiPrvSE.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00080600 [unknown_code_page]
[3748]WmiPrvSE.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00081014 [unknown_code_page]
[3748]WmiPrvSE.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3748]WmiPrvSE.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[3748]WmiPrvSE.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[3748]WmiPrvSE.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00090600 [unknown_code_page]
[3748]WmiPrvSE.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00090804 [unknown_code_page]
[3748]WmiPrvSE.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000901F8 [unknown_code_page]
[3748]WmiPrvSE.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00090A08 [unknown_code_page]
[3748]WmiPrvSE.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000903FC [unknown_code_page]
[376]spoolsv.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[376]spoolsv.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[376]spoolsv.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[376]spoolsv.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[376]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[376]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[376]spoolsv.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[376]spoolsv.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[376]spoolsv.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[376]spoolsv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[376]spoolsv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[376]spoolsv.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[376]spoolsv.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[376]spoolsv.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[376]spoolsv.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[376]spoolsv.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[3884]tpfnf7sp.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00160C0C [unknown_code_page]
[3884]tpfnf7sp.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00160E10 [unknown_code_page]
[3884]tpfnf7sp.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00160804 [unknown_code_page]
[3884]tpfnf7sp.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00160A08 [unknown_code_page]
[3884]tpfnf7sp.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001601F8 [unknown_code_page]
[3884]tpfnf7sp.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001603FC [unknown_code_page]
[3884]tpfnf7sp.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00160600 [unknown_code_page]
[3884]tpfnf7sp.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00161014 [unknown_code_page]
[3884]tpfnf7sp.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3884]tpfnf7sp.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[3884]tpfnf7sp.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[3884]tpfnf7sp.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[3884]tpfnf7sp.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[3884]tpfnf7sp.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[3884]tpfnf7sp.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[3884]tpfnf7sp.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[3900]iviRegMgr.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[3900]iviRegMgr.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[3900]iviRegMgr.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[3900]iviRegMgr.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[3900]iviRegMgr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[3900]iviRegMgr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[3900]iviRegMgr.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[3900]iviRegMgr.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[3900]iviRegMgr.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3900]iviRegMgr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[3900]iviRegMgr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[3900]iviRegMgr.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[3900]iviRegMgr.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[3900]iviRegMgr.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[3900]iviRegMgr.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[3900]iviRegMgr.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[3920]SynTPEnh.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00280C0C [unknown_code_page]
[3920]SynTPEnh.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00280E10 [unknown_code_page]
[3920]SynTPEnh.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00280804 [unknown_code_page]
[3920]SynTPEnh.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00280A08 [unknown_code_page]
[3920]SynTPEnh.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->002801F8 [unknown_code_page]
[3920]SynTPEnh.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->002803FC [unknown_code_page]
[3920]SynTPEnh.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00280600 [unknown_code_page]
[3920]SynTPEnh.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00281014 [unknown_code_page]
[3920]SynTPEnh.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3920]SynTPEnh.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[3920]SynTPEnh.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[3920]SynTPEnh.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00270600 [unknown_code_page]
[3920]SynTPEnh.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00270804 [unknown_code_page]
[3920]SynTPEnh.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->002701F8 [unknown_code_page]
[3920]SynTPEnh.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00270A08 [unknown_code_page]
[3920]SynTPEnh.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->002703FC [unknown_code_page]
[3984]EZEJMNAP.EXE-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00190C0C [unknown_code_page]
[3984]EZEJMNAP.EXE-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00190E10 [unknown_code_page]
[3984]EZEJMNAP.EXE-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00190804 [unknown_code_page]
[3984]EZEJMNAP.EXE-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00190A08 [unknown_code_page]
[3984]EZEJMNAP.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001901F8 [unknown_code_page]
[3984]EZEJMNAP.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001903FC [unknown_code_page]
[3984]EZEJMNAP.EXE-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00190600 [unknown_code_page]
[3984]EZEJMNAP.EXE-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00191014 [unknown_code_page]
[3984]EZEJMNAP.EXE-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3984]EZEJMNAP.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[3984]EZEJMNAP.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[3984]EZEJMNAP.EXE-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[3984]EZEJMNAP.EXE-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[3984]EZEJMNAP.EXE-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[3984]EZEJMNAP.EXE-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[3984]EZEJMNAP.EXE-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[4104]igfxpers.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[4104]igfxpers.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[4104]igfxpers.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[4104]igfxpers.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[4104]igfxpers.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[4104]igfxpers.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[4104]igfxpers.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[4104]igfxpers.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[4104]igfxpers.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4104]igfxpers.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4104]igfxpers.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4104]igfxpers.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[4104]igfxpers.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[4104]igfxpers.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[4104]igfxpers.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[4104]igfxpers.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[4152]LPMGR.EXE-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[4152]LPMGR.EXE-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[4152]LPMGR.EXE-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[4152]LPMGR.EXE-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[4152]LPMGR.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[4152]LPMGR.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[4152]LPMGR.EXE-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[4152]LPMGR.EXE-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[4152]LPMGR.EXE-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4152]LPMGR.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4152]LPMGR.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4152]LPMGR.EXE-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[4152]LPMGR.EXE-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[4152]LPMGR.EXE-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[4152]LPMGR.EXE-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[4152]LPMGR.EXE-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[4164]LPMLCHK.EXE-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[4164]LPMLCHK.EXE-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[4164]LPMLCHK.EXE-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[4164]LPMLCHK.EXE-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[4164]LPMLCHK.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[4164]LPMLCHK.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[4164]LPMLCHK.EXE-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[4164]LPMLCHK.EXE-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[4164]LPMLCHK.EXE-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4164]LPMLCHK.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4164]LPMLCHK.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4164]LPMLCHK.EXE-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[4164]LPMLCHK.EXE-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[4164]LPMLCHK.EXE-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[4164]LPMLCHK.EXE-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[4164]LPMLCHK.EXE-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[4172]MCPLaunch.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00080C0C [unknown_code_page]
[4172]MCPLaunch.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00080E10 [unknown_code_page]
[4172]MCPLaunch.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00080804 [unknown_code_page]
[4172]MCPLaunch.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00080A08 [unknown_code_page]
[4172]MCPLaunch.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000801F8 [unknown_code_page]
[4172]MCPLaunch.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000803FC [unknown_code_page]
[4172]MCPLaunch.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00080600 [unknown_code_page]
[4172]MCPLaunch.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->69A34618 [shimeng.dll]
[4172]MCPLaunch.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00081014 [unknown_code_page]
[4172]MCPLaunch.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->69A34618 [shimeng.dll]
[4172]MCPLaunch.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4172]MCPLaunch.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000601F8 [unknown_code_page]
[4172]MCPLaunch.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000603FC [unknown_code_page]
[4172]MCPLaunch.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->69A34618 [shimeng.dll]
[4172]MCPLaunch.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->69A34618 [shimeng.dll]
[4172]MCPLaunch.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00070600 [unknown_code_page]
[4172]MCPLaunch.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00070804 [unknown_code_page]
[4172]MCPLaunch.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000701F8 [unknown_code_page]
[4172]MCPLaunch.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00070A08 [unknown_code_page]
[4172]MCPLaunch.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000703FC [unknown_code_page]
[4180]rundll32.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->000C0C0C [unknown_code_page]
[4180]rundll32.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->000C0E10 [unknown_code_page]
[4180]rundll32.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->000C0804 [unknown_code_page]
[4180]rundll32.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->000C0A08 [unknown_code_page]
[4180]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000C01F8 [unknown_code_page]
[4180]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000C03FC [unknown_code_page]
[4180]rundll32.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->000C0600 [unknown_code_page]
[4180]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->69A34618 [shimeng.dll]
[4180]rundll32.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->000C1014 [unknown_code_page]
[4180]rundll32.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x73C01288-->69A34618 [shimeng.dll]
[4180]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->69A34618 [shimeng.dll]
[4180]rundll32.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4180]rundll32.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000601F8 [unknown_code_page]
[4180]rundll32.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000603FC [unknown_code_page]
[4180]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->69A34618 [shimeng.dll]
[4180]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->69A34618 [shimeng.dll]
[4180]rundll32.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->000B0600 [unknown_code_page]
[4180]rundll32.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->000B0804 [unknown_code_page]
[4180]rundll32.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000B01F8 [unknown_code_page]
[4180]rundll32.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->000B0A08 [unknown_code_page]
[4180]rundll32.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000B03FC [unknown_code_page]
[4180]rundll32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->69A34618 [shimeng.dll]
[4208]scheduler_proxy.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[4208]scheduler_proxy.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[4208]scheduler_proxy.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[4208]scheduler_proxy.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[4208]scheduler_proxy.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[4208]scheduler_proxy.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[4208]scheduler_proxy.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[4208]scheduler_proxy.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[4208]scheduler_proxy.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4208]scheduler_proxy.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[4208]scheduler_proxy.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[4208]scheduler_proxy.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00160600 [unknown_code_page]
[4208]scheduler_proxy.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00160804 [unknown_code_page]
[4208]scheduler_proxy.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001601F8 [unknown_code_page]
[4208]scheduler_proxy.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00160A08 [unknown_code_page]
[4208]scheduler_proxy.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001603FC [unknown_code_page]
[4216]ACTray.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->003D0C0C [unknown_code_page]
[4216]ACTray.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->003D0E10 [unknown_code_page]
[4216]ACTray.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->003D0804 [unknown_code_page]
[4216]ACTray.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->003D0A08 [unknown_code_page]
[4216]ACTray.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->003D01F8 [unknown_code_page]
[4216]ACTray.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->003D03FC [unknown_code_page]
[4216]ACTray.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->003D0600 [unknown_code_page]
[4216]ACTray.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->003D1014 [unknown_code_page]
[4216]ACTray.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4216]ACTray.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4216]ACTray.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4216]ACTray.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->003C0600 [unknown_code_page]
[4216]ACTray.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->003C0804 [unknown_code_page]
[4216]ACTray.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->003C01F8 [unknown_code_page]
[4216]ACTray.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->003C0A08 [unknown_code_page]
[4216]ACTray.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->003C03FC [unknown_code_page]
[4232]ACWLIcon.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->003E0C0C [unknown_code_page]
[4232]ACWLIcon.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->003E0E10 [unknown_code_page]
[4232]ACWLIcon.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->003E0804 [unknown_code_page]
[4232]ACWLIcon.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->003E0A08 [unknown_code_page]
[4232]ACWLIcon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->003E01F8 [unknown_code_page]
[4232]ACWLIcon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->003E03FC [unknown_code_page]
[4232]ACWLIcon.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->003E0600 [unknown_code_page]
[4232]ACWLIcon.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->003E1014 [unknown_code_page]
[4232]ACWLIcon.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4232]ACWLIcon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4232]ACWLIcon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4232]ACWLIcon.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->003D0600 [unknown_code_page]
[4232]ACWLIcon.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->003D0804 [unknown_code_page]
[4232]ACWLIcon.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->003D01F8 [unknown_code_page]
[4232]ACWLIcon.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->003D0A08 [unknown_code_page]
[4232]ACWLIcon.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->003D03FC [unknown_code_page]
[4244]MOM.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4300]cssauth.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->002B0C0C [unknown_code_page]
[4300]cssauth.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->002B0E10 [unknown_code_page]
[4300]cssauth.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->002B0804 [unknown_code_page]
[4300]cssauth.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->002B0A08 [unknown_code_page]
[4300]cssauth.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->002B01F8 [unknown_code_page]
[4300]cssauth.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->002B03FC [unknown_code_page]
[4300]cssauth.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->002B0600 [unknown_code_page]
[4300]cssauth.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->002B1014 [unknown_code_page]
[4300]cssauth.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4300]cssauth.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4300]cssauth.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4300]cssauth.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->002A0600 [unknown_code_page]
[4300]cssauth.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->002A0804 [unknown_code_page]
[4300]cssauth.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->002A01F8 [unknown_code_page]
[4300]cssauth.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->002A0A08 [unknown_code_page]
[4300]cssauth.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->002A03FC [unknown_code_page]
[4316]tpfnf6r.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00190C0C [unknown_code_page]
[4316]tpfnf6r.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00190E10 [unknown_code_page]
[4316]tpfnf6r.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00190804 [unknown_code_page]
[4316]tpfnf6r.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00190A08 [unknown_code_page]
[4316]tpfnf6r.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001901F8 [unknown_code_page]
[4316]tpfnf6r.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001903FC [unknown_code_page]
[4316]tpfnf6r.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00190600 [unknown_code_page]
[4316]tpfnf6r.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00191014 [unknown_code_page]
[4316]tpfnf6r.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4316]tpfnf6r.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4316]tpfnf6r.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4316]tpfnf6r.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[4316]tpfnf6r.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[4316]tpfnf6r.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[4316]tpfnf6r.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[4316]tpfnf6r.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[4360]iTunesHelper.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[4360]iTunesHelper.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[4360]iTunesHelper.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[4360]iTunesHelper.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[4360]iTunesHelper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[4360]iTunesHelper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[4360]iTunesHelper.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[4360]iTunesHelper.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[4360]iTunesHelper.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4360]iTunesHelper.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[4360]iTunesHelper.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[4360]iTunesHelper.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[4360]iTunesHelper.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[4360]iTunesHelper.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[4360]iTunesHelper.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[4360]iTunesHelper.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[4544]notepad.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[4544]notepad.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[4544]notepad.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[4544]notepad.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[4544]notepad.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[4544]notepad.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[4544]notepad.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[4544]notepad.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[4544]notepad.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4544]notepad.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[4544]notepad.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[4544]notepad.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[4544]notepad.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[4544]notepad.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[4544]notepad.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[4544]notepad.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[4548]realsched.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00270C0C [unknown_code_page]
[4548]realsched.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00270E10 [unknown_code_page]
[4548]realsched.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00270804 [unknown_code_page]
[4548]realsched.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00270A08 [unknown_code_page]
[4548]realsched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->002701F8 [unknown_code_page]
[4548]realsched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->002703FC [unknown_code_page]
[4548]realsched.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00270600 [unknown_code_page]
[4548]realsched.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00271014 [unknown_code_page]
[4548]realsched.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4548]realsched.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x765EA8C5-->EC810004 [unknown_code_page]
[4548]realsched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[4548]realsched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[4548]realsched.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00260600 [unknown_code_page]
[4548]realsched.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00260804 [unknown_code_page]
[4548]realsched.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->002601F8 [unknown_code_page]
[4548]realsched.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00260A08 [unknown_code_page]
[4548]realsched.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->002603FC [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->69A34618 [shimeng.dll]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x73C01288-->69A34618 [shimeng.dll]
[4556]RIMBBLaunchAgent.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->69A34618 [shimeng.dll]
[4556]RIMBBLaunchAgent.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4556]RIMBBLaunchAgent.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001601F8 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001603FC [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->69A34618 [shimeng.dll]
[4556]RIMBBLaunchAgent.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->69A34618 [shimeng.dll]
[4556]RIMBBLaunchAgent.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00180600 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00180804 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001801F8 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00180A08 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001803FC [unknown_code_page]
[4564]AvastUI.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4576]password_manager.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00370C0C [unknown_code_page]
[4576]password_manager.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00370E10 [unknown_code_page]
[4576]password_manager.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00370804 [unknown_code_page]
[4576]password_manager.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00370A08 [unknown_code_page]
[4576]password_manager.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->003701F8 [unknown_code_page]
[4576]password_manager.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->003703FC [unknown_code_page]
[4576]password_manager.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00370600 [unknown_code_page]
[4576]password_manager.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00371014 [unknown_code_page]
[4576]password_manager.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4576]password_manager.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4576]password_manager.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4576]password_manager.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00360600 [unknown_code_page]
[4576]password_manager.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00360804 [unknown_code_page]
[4576]password_manager.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->003601F8 [unknown_code_page]
[4576]password_manager.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00360A08 [unknown_code_page]
[4576]password_manager.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->003603FC [unknown_code_page]
[4580]msnmsgr.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00940C0C [unknown_code_page]
[4580]msnmsgr.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00940E10 [unknown_code_page]
[4580]msnmsgr.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00940804 [unknown_code_page]
[4580]msnmsgr.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00940A08 [unknown_code_page]
[4580]msnmsgr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->009401F8 [unknown_code_page]
[4580]msnmsgr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->009403FC [unknown_code_page]
[4580]msnmsgr.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00940600 [unknown_code_page]
[4580]msnmsgr.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00941014 [unknown_code_page]
[4580]msnmsgr.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4580]msnmsgr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000601F8 [unknown_code_page]
[4580]msnmsgr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000603FC [unknown_code_page]
[4580]msnmsgr.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00950600 [unknown_code_page]
[4580]msnmsgr.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00950804 [unknown_code_page]
[4580]msnmsgr.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->009501F8 [unknown_code_page]
[4580]msnmsgr.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00950A08 [unknown_code_page]
[4580]msnmsgr.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->009503FC [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4808]tvt_reg_monitor_svc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[4984]TPHDEXLG.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[4984]TPHDEXLG.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[4984]TPHDEXLG.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[4984]TPHDEXLG.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[4984]TPHDEXLG.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[4984]TPHDEXLG.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[4984]TPHDEXLG.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[4984]TPHDEXLG.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[4984]TPHDEXLG.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4984]TPHDEXLG.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[4984]TPHDEXLG.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[4984]TPHDEXLG.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00190600 [unknown_code_page]
[4984]TPHDEXLG.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00190804 [unknown_code_page]
[4984]TPHDEXLG.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001901F8 [unknown_code_page]
[4984]TPHDEXLG.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00190A08 [unknown_code_page]
[4984]TPHDEXLG.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001903FC [unknown_code_page]
[5032]rrpservice.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00380C0C [unknown_code_page]
[5032]rrpservice.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00380E10 [unknown_code_page]
[5032]rrpservice.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00380804 [unknown_code_page]
[5032]rrpservice.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00380A08 [unknown_code_page]
[5032]rrpservice.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->003801F8 [unknown_code_page]
[5032]rrpservice.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->003803FC [unknown_code_page]
[5032]rrpservice.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00380600 [unknown_code_page]
[5032]rrpservice.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00381014 [unknown_code_page]
[5032]rrpservice.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[5032]rrpservice.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[5032]rrpservice.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[5032]rrpservice.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00370600 [unknown_code_page]
[5032]rrpservice.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00370804 [unknown_code_page]
[5032]rrpservice.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->003701F8 [unknown_code_page]
[5032]rrpservice.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00370A08 [unknown_code_page]
[5032]rrpservice.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->003703FC [unknown_code_page]
[5204]rrservice.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00260C0C [unknown_code_page]
[5204]rrservice.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00260E10 [unknown_code_page]
[5204]rrservice.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00260804 [unknown_code_page]
[5204]rrservice.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00260A08 [unknown_code_page]
[5204]rrservice.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->002601F8 [unknown_code_page]
[5204]rrservice.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->002603FC [unknown_code_page]
[5204]rrservice.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00260600 [unknown_code_page]
[5204]rrservice.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00261014 [unknown_code_page]
[5204]rrservice.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[5204]rrservice.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[5204]rrservice.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[5204]rrservice.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00250600 [unknown_code_page]
[5204]rrservice.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00250804 [unknown_code_page]
[5204]rrservice.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->002501F8 [unknown_code_page]
[5204]rrservice.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00250A08 [unknown_code_page]
[5204]rrservice.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->002503FC [unknown_code_page]
[5260]SynTPLpr.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[5260]SynTPLpr.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[5260]SynTPLpr.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[5260]SynTPLpr.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[5260]SynTPLpr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[5260]SynTPLpr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[5260]SynTPLpr.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[5260]SynTPLpr.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[5260]SynTPLpr.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[5260]SynTPLpr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[5260]SynTPLpr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[5260]SynTPLpr.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[5260]SynTPLpr.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[5260]SynTPLpr.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[5260]SynTPLpr.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[5260]SynTPLpr.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[5432]wlcomm.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[5432]wlcomm.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[5432]wlcomm.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[5432]wlcomm.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[5432]wlcomm.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[5432]wlcomm.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[5432]wlcomm.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[5432]wlcomm.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[5432]wlcomm.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[5432]wlcomm.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[5432]wlcomm.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[5432]wlcomm.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[5432]wlcomm.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[5432]wlcomm.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[5432]wlcomm.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[5432]wlcomm.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[5436]tvtsched.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[5436]tvtsched.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[5436]tvtsched.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[5436]tvtsched.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[5436]tvtsched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[5436]tvtsched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[5436]tvtsched.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[5436]tvtsched.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[5436]tvtsched.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[5436]tvtsched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[5436]tvtsched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[5436]tvtsched.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00160600 [unknown_code_page]
[5436]tvtsched.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00160804 [unknown_code_page]
[5436]tvtsched.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001601F8 [unknown_code_page]
[5436]tvtsched.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00160A08 [unknown_code_page]
[5436]tvtsched.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001603FC [unknown_code_page]
[5444]CCC.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[5472]FlashUtil10t_ActiveX.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00270C0C [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00270E10 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00270804 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00270A08 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->002701F8 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->002703FC [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00270600 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00271014 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[5472]FlashUtil10t_ActiveX.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000601F8 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000603FC [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00290600 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00290804 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->002901F8 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00290A08 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->002903FC [unknown_code_page]
[5548]SynTPHelper.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[5548]SynTPHelper.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[5548]SynTPHelper.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[5548]SynTPHelper.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[5548]SynTPHelper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[5548]SynTPHelper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[5548]SynTPHelper.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[5548]SynTPHelper.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[5548]SynTPHelper.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[5548]SynTPHelper.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[5548]SynTPHelper.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[5548]SynTPHelper.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[5548]SynTPHelper.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[5548]SynTPHelper.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[5548]SynTPHelper.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[5548]SynTPHelper.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[6000]wuauclt.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00080C0C [unknown_code_page]
[6000]wuauclt.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00080E10 [unknown_code_page]
[6000]wuauclt.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00080804 [unknown_code_page]
[6000]wuauclt.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00080A08 [unknown_code_page]
[6000]wuauclt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000801F8 [unknown_code_page]
[6000]wuauclt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000803FC [unknown_code_page]
[6000]wuauclt.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00080600 [unknown_code_page]
[6000]wuauclt.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00081014 [unknown_code_page]
[6000]wuauclt.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[6000]wuauclt.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000601F8 [unknown_code_page]
[6000]wuauclt.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000603FC [unknown_code_page]
[6000]wuauclt.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00070600 [unknown_code_page]
[6000]wuauclt.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00070804 [unknown_code_page]
[6000]wuauclt.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000701F8 [unknown_code_page]
[6000]wuauclt.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00070A08 [unknown_code_page]
[6000]wuauclt.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000703FC [unknown_code_page]
[656]csrss.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[696]wininit.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00050C0C [unknown_code_page]
[696]wininit.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00050E10 [unknown_code_page]
[696]wininit.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00050804 [unknown_code_page]
[696]wininit.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00050A08 [unknown_code_page]
[696]wininit.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000501F8 [unknown_code_page]
[696]wininit.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000503FC [unknown_code_page]
[696]wininit.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00050600 [unknown_code_page]
[696]wininit.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00051014 [unknown_code_page]
[696]wininit.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[696]wininit.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000301F8 [unknown_code_page]
[696]wininit.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000303FC [unknown_code_page]
[696]wininit.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00060600 [unknown_code_page]
[696]wininit.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00060804 [unknown_code_page]
[696]wininit.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000601F8 [unknown_code_page]
[696]wininit.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00060A08 [unknown_code_page]
[696]wininit.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000603FC [unknown_code_page]
[708]csrss.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[740]services.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[740]services.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[740]services.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[740]services.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[740]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[740]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[740]services.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[740]services.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[740]services.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[740]services.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[740]services.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[740]services.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[740]services.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[740]services.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[740]services.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[740]services.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[756]lsass.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[756]lsass.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[756]lsass.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[756]lsass.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[756]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[756]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[756]lsass.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[756]lsass.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[756]lsass.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[756]lsass.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[756]lsass.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[756]lsass.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->000D0600 [unknown_code_page]
[756]lsass.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->000D0804 [unknown_code_page]
[756]lsass.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000D01F8 [unknown_code_page]
[756]lsass.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->000D0A08 [unknown_code_page]
[756]lsass.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000D03FC [unknown_code_page]
[764]lsm.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[764]lsm.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[764]lsm.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[764]lsm.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[764]lsm.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[764]lsm.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[764]lsm.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[764]lsm.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[764]lsm.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[764]lsm.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[764]lsm.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[840]winlogon.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00050C0C [unknown_code_page]
[840]winlogon.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00050E10 [unknown_code_page]
[840]winlogon.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00050804 [unknown_code_page]
[840]winlogon.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00050A08 [unknown_code_page]
[840]winlogon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000501F8 [unknown_code_page]
[840]winlogon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000503FC [unknown_code_page]
[840]winlogon.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00050600 [unknown_code_page]
[840]winlogon.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00051014 [unknown_code_page]
[840]winlogon.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[840]winlogon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000301F8 [unknown_code_page]
[840]winlogon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000303FC [unknown_code_page]
[840]winlogon.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00060600 [unknown_code_page]
[840]winlogon.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00060804 [unknown_code_page]
[840]winlogon.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000601F8 [unknown_code_page]
[840]winlogon.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00060A08 [unknown_code_page]
[840]winlogon.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000603FC [unknown_code_page]
[944]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->000B0C0C [unknown_code_page]
[944]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->000B0E10 [unknown_code_page]
[944]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->000B0804 [unknown_code_page]
[944]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->000B0A08 [unknown_code_page]
[944]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000B01F8 [unknown_code_page]
[944]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000B03FC [unknown_code_page]
[944]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->000B0600 [unknown_code_page]
[944]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->000B1014 [unknown_code_page]
[944]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[944]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[944]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[944]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00A30600 [unknown_code_page]
[944]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00A30804 [unknown_code_page]
[944]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->00A301F8 [unknown_code_page]
[944]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00A30A08 [unknown_code_page]
[944]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->00A303FC [unknown_code_page]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

Edited by nortan360, 28 August 2011 - 07:14 AM.

[Bismillah]

Okay ive created the tools folder
Inside i have
aswMBR
Combofix named Command.com
TDDSKiller
Rootkit Unhooker
OTL
OTS
AVPTool


AVPTool wont install...

Edited by nortan360, 28 August 2011 - 07:25 AM.

[Bismillah]

Also my mouse is moving itself..


it keeps going to start then opening all programs..

Edited by nortan360, 28 August 2011 - 09:01 AM.