WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


go.google.com infection

2 posters

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection26th July 2010, 8:22 am

more_horiz
[2700]postgres.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2700]postgres.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2700]postgres.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2700]postgres.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2700]postgres.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2700]postgres.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2700]postgres.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2700]postgres.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2700]postgres.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2700]postgres.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2700]postgres.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2700]postgres.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2700]postgres.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2700]postgres.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2700]postgres.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2700]postgres.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2700]postgres.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2700]postgres.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2700]postgres.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2700]postgres.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2700]postgres.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2700]postgres.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2700]postgres.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2700]postgres.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2700]postgres.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[2700]postgres.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[2700]postgres.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[2700]postgres.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[2712]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2712]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2712]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2712]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2712]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2712]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2712]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2712]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2712]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2712]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2712]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2712]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2712]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2712]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2712]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2712]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2712]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2712]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2712]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2712]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2712]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2712]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2712]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2712]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2712]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2712]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2712]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2712]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2712]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2712]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2712]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2712]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2712]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2712]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2712]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2712]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2712]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2712]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[2712]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[2712]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[2712]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[2712]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2736]postgres.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2736]postgres.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2736]postgres.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2736]postgres.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2736]postgres.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2736]postgres.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2736]postgres.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2736]postgres.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2736]postgres.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2736]postgres.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2736]postgres.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2736]postgres.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2736]postgres.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2736]postgres.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2736]postgres.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2736]postgres.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2736]postgres.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2736]postgres.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2736]postgres.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2736]postgres.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2736]postgres.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2736]postgres.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2736]postgres.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2736]postgres.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2736]postgres.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2736]postgres.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2736]postgres.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2736]postgres.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2736]postgres.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2736]postgres.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2736]postgres.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2736]postgres.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2736]postgres.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2736]postgres.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2736]postgres.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2736]postgres.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2736]postgres.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2736]postgres.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2736]postgres.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[2736]postgres.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[2736]postgres.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[2736]postgres.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[2780]postgres.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2780]postgres.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2780]postgres.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2780]postgres.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2780]postgres.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2780]postgres.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2780]postgres.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2780]postgres.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2780]postgres.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2780]postgres.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2780]postgres.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2780]postgres.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2780]postgres.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2780]postgres.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2780]postgres.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2780]postgres.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2780]postgres.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2780]postgres.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2780]postgres.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2780]postgres.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2780]postgres.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2780]postgres.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2780]postgres.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2780]postgres.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2780]postgres.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2780]postgres.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2780]postgres.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2780]postgres.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2780]postgres.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2780]postgres.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2780]postgres.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2780]postgres.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2780]postgres.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2780]postgres.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2780]postgres.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2780]postgres.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2780]postgres.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2780]postgres.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2780]postgres.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[2780]postgres.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[2780]postgres.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[2780]postgres.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[2856]mcrdsvc.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[2856]mcrdsvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[2856]mcrdsvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[2856]mcrdsvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[2856]mcrdsvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[2856]mcrdsvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[2856]mcrdsvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[2856]mcrdsvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[2856]mcrdsvc.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[2856]mcrdsvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[2856]mcrdsvc.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2856]mcrdsvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2856]mcrdsvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[2856]mcrdsvc.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[2856]mcrdsvc.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[3168]searchindexer.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[3168]searchindexer.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[3168]searchindexer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[3168]searchindexer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[3168]searchindexer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[3168]searchindexer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[3168]searchindexer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[3168]searchindexer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[3168]searchindexer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[3168]searchindexer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[3168]searchindexer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[3168]searchindexer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[3168]searchindexer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[3168]searchindexer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[3168]searchindexer.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[3168]searchindexer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[3168]searchindexer.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[3168]searchindexer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[3168]searchindexer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[3168]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [mssrch.dll]
[3168]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[3168]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[3168]searchindexer.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3168]searchindexer.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[3168]searchindexer.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[3168]searchindexer.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[3168]searchindexer.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[3168]searchindexer.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[3168]searchindexer.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[3168]searchindexer.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[332]ehSched.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[332]ehSched.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[332]ehSched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[332]ehSched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[332]ehSched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[332]ehSched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[332]ehSched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[332]ehSched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[332]ehSched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[332]ehSched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[332]ehSched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[332]ehSched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[332]ehSched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[332]ehSched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[332]ehSched.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[332]ehSched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[332]ehSched.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[332]ehSched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[332]ehSched.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[332]ehSched.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[332]ehSched.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[332]ehSched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[332]ehSched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[332]ehSched.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[332]ehSched.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[332]ehSched.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[332]ehSched.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[332]ehSched.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[332]ehSched.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[332]ehSched.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[332]ehSched.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[332]ehSched.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[332]ehSched.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[332]ehSched.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[332]ehSched.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[332]ehSched.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[332]ehSched.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[332]ehSched.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[3380]orca.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[3380]orca.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[3380]orca.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[3380]orca.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[3380]orca.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[3380]orca.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[3380]orca.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[3380]orca.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[3380]orca.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[3380]orca.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[3380]orca.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[3380]orca.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[3380]orca.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[3380]orca.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[3380]orca.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[3380]orca.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[3380]orca.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[3380]orca.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[3380]orca.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[3380]orca.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[3380]orca.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[3380]orca.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[3380]orca.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[3380]orca.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3380]orca.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3380]orca.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3380]orca.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3380]orca.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3380]orca.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3380]orca.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3380]orca.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3380]orca.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3380]orca.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3380]orca.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3380]orca.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3380]orca.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3380]orca.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3380]orca.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[3380]orca.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[3380]orca.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[3380]orca.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[3380]orca.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[3380]orca.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[3380]orca.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[3380]orca.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[3380]orca.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[3380]orca.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[3380]orca.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection26th July 2010, 8:23 am

more_horiz
[3708]explorer.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[3708]explorer.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[3708]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[3708]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[3708]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[3708]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[3708]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[3708]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[3708]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3708]explorer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[3708]explorer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[3708]explorer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[3708]explorer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[3708]explorer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[3708]explorer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[3708]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3708]explorer.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[3708]explorer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[3708]explorer.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[3708]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[3708]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[3708]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[3708]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[3708]explorer.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[3708]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[3708]explorer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[3708]explorer.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3708]explorer.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3708]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3708]explorer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3708]explorer.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3708]explorer.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3708]explorer.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3708]explorer.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3708]explorer.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3708]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3708]explorer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3708]explorer.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3708]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3708]explorer.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3708]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3708]explorer.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[3708]explorer.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[3708]explorer.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[3708]explorer.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[3708]explorer.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[3708]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3708]explorer.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[3708]explorer.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[3708]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[3708]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3792]msmsgs.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[3792]msmsgs.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[3792]msmsgs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[3792]msmsgs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[3792]msmsgs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[3792]msmsgs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[3792]msmsgs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[3792]msmsgs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[3792]msmsgs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[3792]msmsgs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[3792]msmsgs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[3792]msmsgs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[3792]msmsgs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[3792]msmsgs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[3792]msmsgs.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[3792]msmsgs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[3792]msmsgs.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[3792]msmsgs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[3792]msmsgs.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[3792]msmsgs.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3792]msmsgs.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[3792]msmsgs.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[3792]msmsgs.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[3792]msmsgs.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[3792]msmsgs.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[3792]msmsgs.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3D94DEAE-->00000000 [guard32.dll]
[3792]msmsgs.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x3D94F862-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[3792]msmsgs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[3792]msmsgs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[408]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[408]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[408]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[408]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[408]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[408]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[408]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[408]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[408]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[408]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[408]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[408]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[408]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[408]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[408]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[408]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[408]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[408]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[408]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[408]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[408]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[408]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[408]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[408]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[408]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[408]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[408]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[408]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[408]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[408]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[408]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[408]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[408]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[408]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[408]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[408]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[408]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[408]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[440]MemCheck.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[440]MemCheck.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[440]MemCheck.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[440]MemCheck.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[440]MemCheck.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[440]MemCheck.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[440]MemCheck.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[440]MemCheck.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[440]MemCheck.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[440]MemCheck.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[440]MemCheck.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[440]MemCheck.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[440]MemCheck.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[440]MemCheck.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[440]MemCheck.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[440]MemCheck.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[440]MemCheck.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[440]MemCheck.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[440]MemCheck.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[440]MemCheck.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[440]MemCheck.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[440]MemCheck.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[440]MemCheck.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[440]MemCheck.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[440]MemCheck.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[440]MemCheck.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[440]MemCheck.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[440]MemCheck.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[440]MemCheck.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[440]MemCheck.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[440]MemCheck.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[440]MemCheck.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[440]MemCheck.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[440]MemCheck.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[440]MemCheck.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[440]MemCheck.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[440]MemCheck.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[440]MemCheck.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[440]MemCheck.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[440]MemCheck.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[440]MemCheck.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[440]MemCheck.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[468]dllhost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[468]dllhost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[468]dllhost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[468]dllhost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[468]dllhost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[468]dllhost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[468]dllhost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[468]dllhost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[468]dllhost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[468]dllhost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[468]dllhost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[468]dllhost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[468]dllhost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[468]dllhost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[468]dllhost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[468]dllhost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[468]dllhost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[468]dllhost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[468]dllhost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[468]dllhost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[468]dllhost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[468]dllhost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[468]dllhost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[468]dllhost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[468]dllhost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[468]dllhost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[468]dllhost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[468]dllhost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[468]dllhost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[468]dllhost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[468]dllhost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[468]dllhost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[468]dllhost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[468]dllhost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[468]dllhost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[468]dllhost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[468]dllhost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[468]dllhost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[468]dllhost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[468]dllhost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[468]dllhost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[468]dllhost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[576]ehrecvr.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[576]ehrecvr.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[576]ehrecvr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[576]ehrecvr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[576]ehrecvr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[576]ehrecvr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[576]ehrecvr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[576]ehrecvr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[576]ehrecvr.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[576]ehrecvr.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[576]ehrecvr.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[576]ehrecvr.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[576]ehrecvr.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[576]ehrecvr.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[576]ehrecvr.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[576]ehrecvr.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[576]ehrecvr.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[576]ehrecvr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[576]ehrecvr.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[576]ehrecvr.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[576]ehrecvr.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[576]ehrecvr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[576]ehrecvr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[576]ehrecvr.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[576]ehrecvr.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[576]ehrecvr.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[576]ehrecvr.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[576]ehrecvr.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[576]ehrecvr.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[576]ehrecvr.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[576]ehrecvr.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[576]ehrecvr.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[576]ehrecvr.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[576]ehrecvr.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[576]ehrecvr.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[576]ehrecvr.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[576]ehrecvr.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[576]ehrecvr.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[636]FolderSizeSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[636]FolderSizeSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[636]FolderSizeSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[636]FolderSizeSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[636]FolderSizeSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[636]FolderSizeSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[636]FolderSizeSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[636]FolderSizeSvc.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[636]FolderSizeSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[636]FolderSizeSvc.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[636]FolderSizeSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[636]FolderSizeSvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[636]FolderSizeSvc.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection26th July 2010, 8:23 am

more_horiz
[756]services.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[756]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]
[756]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[756]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[756]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[756]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[756]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[756]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[756]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[756]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[756]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[756]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[756]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[756]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[756]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[756]services.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[756]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[756]services.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[756]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[756]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[756]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[756]services.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[756]services.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[756]services.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[756]services.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[756]services.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[756]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[756]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[756]services.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[756]services.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[756]services.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[756]services.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[756]services.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[756]services.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[756]services.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[756]services.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[756]services.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[756]services.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[756]services.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[776]lsass.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[776]lsass.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[776]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[776]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[776]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[776]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[776]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[776]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[776]lsass.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[776]lsass.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[776]lsass.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[776]lsass.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[776]lsass.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[776]lsass.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[776]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[776]lsass.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[776]lsass.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[776]lsass.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[776]lsass.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[776]lsass.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[776]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[776]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[776]lsass.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[776]lsass.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[776]lsass.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[776]lsass.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[776]lsass.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[776]lsass.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[776]lsass.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[776]lsass.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[776]lsass.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[776]lsass.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[776]lsass.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[776]lsass.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[776]lsass.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[776]lsass.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[776]lsass.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[776]lsass.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [guard32.dll]
[776]lsass.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB404E-->00000000 [guard32.dll]
[776]lsass.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4053 [unknown_code_page]
[776]lsass.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB4054 [unknown_code_page]
[904]FsUsbExService.Exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[904]FsUsbExService.Exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[904]FsUsbExService.Exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[904]FsUsbExService.Exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[904]FsUsbExService.Exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[904]FsUsbExService.Exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[904]FsUsbExService.Exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[904]FsUsbExService.Exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[904]FsUsbExService.Exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[904]FsUsbExService.Exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[904]FsUsbExService.Exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[904]FsUsbExService.Exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[904]FsUsbExService.Exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[904]FsUsbExService.Exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[936]ati2evxx.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[936]ati2evxx.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[936]ati2evxx.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[936]ati2evxx.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[936]ati2evxx.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[936]ati2evxx.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[936]ati2evxx.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[936]ati2evxx.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[936]ati2evxx.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[936]ati2evxx.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[936]ati2evxx.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[936]ati2evxx.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[936]ati2evxx.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[936]ati2evxx.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[936]ati2evxx.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[936]ati2evxx.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[936]ati2evxx.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[936]ati2evxx.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[936]ati2evxx.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[936]ati2evxx.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[936]ati2evxx.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[936]ati2evxx.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[936]ati2evxx.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[936]ati2evxx.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[936]ati2evxx.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[936]ati2evxx.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[936]ati2evxx.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[936]ati2evxx.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[936]ati2evxx.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[936]ati2evxx.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[936]ati2evxx.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[936]ati2evxx.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[936]ati2evxx.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[936]ati2evxx.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[936]ati2evxx.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[936]ati2evxx.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[936]ati2evxx.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[936]ati2evxx.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]
[972]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E10CE8-->00000000 [guard32.dll]
[972]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DEA8A9-->00000000 [guard32.dll]
[972]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [guard32.dll]
[972]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37216 [unknown_code_page]
[972]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E37217 [unknown_code_page]
[972]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [guard32.dll]
[972]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AE [unknown_code_page]
[972]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E373AF [unknown_code_page]
[972]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DF4C66-->00000000 [guard32.dll]
[972]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6B [unknown_code_page]
[972]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DF4C6C [unknown_code_page]
[972]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE6FFD-->00000000 [guard32.dll]
[972]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7002 [unknown_code_page]
[972]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE7003 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286EE-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85F39C-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B32-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B37 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B38 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F87B-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EDD-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F63-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B741-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E4DD-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86261E-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835EBF-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85E49B-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C83568B-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821261-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EDE-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F72E-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821982-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [guard32.dll]
[972]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [guard32.dll]
[972]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C917EA8-->00000000 [guard32.dll]
[972]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [guard32.dll]
[972]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [guard32.dll]
[972]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[972]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[972]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[972]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[972]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[972]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[972]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[972]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[972]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[972]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[972]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[972]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[972]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[972]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[972]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA411E0-->00000000 [guard32.dll]
[972]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40EB5-->00000000 [guard32.dll]
[972]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA0996B-->00000000 [guard32.dll]
[972]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB5D48-->00000000 [guard32.dll]
[972]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [guard32.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection26th July 2010, 6:43 pm

more_horiz
Hi.

Download MBRCheck to your desktop.
  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.



............................................................................................

I'm livin' life in the fast lane.

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection26th July 2010, 7:28 pm

more_horiz
MBRCheck, version 1.1.1

(c) 2010, AD



\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0

\\.\J: --> \\.\PhysicalDrive5



Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Unknown MBR code

232 GB \\.\PhysicalDrive5 Error reading raw MBR!





Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection26th July 2010, 7:37 pm

more_horiz
Hi.

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracing remover.exe to your Desktop, please follow these instructions:

    Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

    Code:

    @ECHO OFF
    START remover.exe fix \\.\PhysicalDrive0
    remover.exe fix \\.\PhysicalDrive5
    EXIT

    Save this as fix.bat Choose to "Save type as - All Files"
    It should look like this: go.google.com infection - Page 2 Bat_icon
    Double click on fix.bat & allow it to run.

  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL C
  • Open a Notepad and press CTRL V
  • Post the output back here.



............................................................................................

I'm livin' life in the fast lane.

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection26th July 2010, 9:16 pm

more_horiz
Initially I was getting:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Restoring boot code at \\.\PhysicalDrive5...
SPTI_Read(): DeviceIoControl() ERROR 121
ERROR: Can't read first sector of disk by SPTI.

Done;
Press any key to quit...


But after making sure the firewall allowed the batch file and all the commands in it to run properly (took a few attempts) I got the following:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Restoring boot code at \\.\PhysicalDrive0...
OK

Done;
Press any key to quit...


Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Restoring boot code at \\.\PhysicalDrive5...
OK

Done;
Press any key to quit...

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection26th July 2010, 10:40 pm

more_horiz
Hi.

Could you please run MBRCheck again and post the log here.

............................................................................................

I'm livin' life in the fast lane.

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection27th July 2010, 10:11 am

more_horiz
MBRCheck, version 1.1.1

(c) 2010, AD



\\.\C: --> error 5

\\.\D: --> error 5

\\.\J: --> error 5





Done! Press ENTER to exit...

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection27th July 2010, 3:55 pm

more_horiz
Hi.

It is showing errors, could you please run it again.

............................................................................................

I'm livin' life in the fast lane.

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection28th July 2010, 10:09 am

more_horiz
MBRCheck, version 1.1.1

(c) 2010, AD



\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0

\\.\J: --> \\.\PhysicalDrive5



Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Windows XP MBR code detected

232 GB \\.\PhysicalDrive5 Error reading raw MBR!





Done! Press ENTER to exit...

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection28th July 2010, 10:10 am

more_horiz
The drive that seems to be having errors (J:\) is an external WD hard drive that I use as a backup drive if that helps any.

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection28th July 2010, 6:22 pm

more_horiz
Hi.

Thanks for clearing that up, I thought it was a partition.

Are you still having update issues?

............................................................................................

I'm livin' life in the fast lane.

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection28th July 2010, 6:29 pm

more_horiz
MS Updates seems to work OK (although there are no updates for me to take at present), I haven't had anything else go weird on me recently and I haven't see that Visual Studio debugger dialog for a few days.

Reckon I'm all clean then?

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection28th July 2010, 6:35 pm

more_horiz
Yep. Smile...

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE.


You now have a clean restore point.

To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done.


========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


============

Service Pack upgrade
Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: Here

=====

Update Programs
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

=========

Here are some prevention tips I have provided:

1. Don't download files from untrusted websites or websites that seem suspious.

2. Don't use torrents they are a good way to get lots of malware.

3. Don't download and use cracks/warez/keygens they are illegal and are another good way to contract malware.

4. Disable autorun XP or Vista/7

5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

6. Don't ever click on the links inside of a popup.

7. Make sure you know what you install you can make sure it is not know for being a virus by just simply searching about it on google.

8. Use a Site Advisor so you don't go to sites that will infect you. Mcafee Siteadvisor

9. Also there are many holes and flaws in Internet Explorer I recommend using Firefox 3 to keep you more safe.

10. Always keep your Java and Adobe updated.

11. Don't fall for the Scareware. What is Scareware? it is a website made to download a rogue Antivirus on your system that will scare you into buying their fake software due to false detections.

12. Always have a Firewall and a Antivirus.

Thanks for choosing GeekPolice, see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information please visit Here

............................................................................................

I'm livin' life in the fast lane.

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection30th July 2010, 8:19 am

more_horiz
Apologies for not replying before now. I have been waiting a couple of days so I can check a few things out and make sure my PC is behaving as one would expect from a clean PC.

And it is!

Thank you so much - your help with this is REALLY appreciated Smile...

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection30th July 2010, 7:03 pm

more_horiz
You're welcome, glad to help.

............................................................................................

I'm livin' life in the fast lane.

descriptiongo.google.com infection - Page 2 EmptyRe: go.google.com infection

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum