RkUnhooker report generator v0.5c
==============================================
Rootkit Unhooker kernel version: 3.20.130.384
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>Processes
Process: C:\Program Files\Microsoft Office\Office10\MSOFFICE.EXE Process Id: 244 EPROCESS Address: 0x864ABDA8
Process: C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE Process Id: 260 EPROCESS Address: 0x8648FBE8
Process: C:\WINDOWS\explorer.exe Process Id: 1540 EPROCESS Address: 0x864705E0
Process: C:\Program Files\ASUS\Probe\AsusProb.exe Process Id: 1876 EPROCESS Address: 0x866597A0
Process: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe Process Id: 1884 EPROCESS Address: 0x865C6020
Process: C:\Program Files\Logitech\iTouch\iTouch.exe Process Id: 1900 EPROCESS Address: 0x865C45C8
Process: C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe Process Id: 1916 EPROCESS Address: 0x864B3B30
Process: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe Process Id: 1928 EPROCESS Address: 0x863C8DA8
Process: C:\WINDOWS\mixer.exe Process Id: 1944 EPROCESS Address: 0x8648CA28
Process: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe Process Id: 1964 EPROCESS Address: 0x864AE420
Process: System Process Id: 4 EPROCESS Address: 0x867CE7C8
Process: C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe Process Id: 336 EPROCESS Address: 0x86454BE8
Process: C:\WINDOWS\system32\alg.exe Process Id: 340 EPROCESS Address: 0x863D5A28
Process: C:\Program Files\AntiVir PersonalEdition Classic\sched.exe Process Id: 412 EPROCESS Address: 0x86613370
Process: C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe Process Id: 440 EPROCESS Address: 0x864E0A10
Process: C:\WINDOWS\system32\drivers\CDANTSRV.EXE Process Id: 488 EPROCESS Address: 0x865DC340
Process: C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe Process Id: 532 EPROCESS Address: 0x864F7918
Process: C:\WINDOWS\system32\smss.exe Process Id: 556 EPROCESS Address: 0x866559A8
Process: C:\RkUnhooker\BD96C8C3BD96C.exe Process Id: 620 EPROCESS Address: 0x85886338
Process: C:\WINDOWS\system32\csrss.exe Process Id: 628 EPROCESS Address: 0x8639A020
Process: C:\WINDOWS\system32\winlogon.exe Process Id: 652 EPROCESS Address: 0x86468490
Process: C:\WINDOWS\system32\services.exe Process Id: 700 EPROCESS Address: 0x864334E0
Process: C:\WINDOWS\system32\lsass.exe Process Id: 712 EPROCESS Address: 0x8645F3F0
Process: C:\WINDOWS\system32\wdfmgr.exe Process Id: 756 EPROCESS Address: 0x86632328
Process: C:\WINDOWS\system32\ati2evxx.exe Process Id: 876 EPROCESS Address: 0x8665EC00
Process: C:\WINDOWS\system32\svchost.exe Process Id: 908 EPROCESS Address: 0x8645C020
Process: C:\WINDOWS\system32\svchost.exe Process Id: 1016 EPROCESS Address: 0x863C85D8
Process: C:\WINDOWS\system32\svchost.exe Process Id: 1088 EPROCESS Address: 0x86651020
Process: C:\WINDOWS\system32\svchost.exe Process Id: 1172 EPROCESS Address: 0x86635DA8
Process: C:\WINDOWS\system32\svchost.exe Process Id: 1184 EPROCESS Address: 0x864E9DA8
Process: C:\WINDOWS\system32\ati2evxx.exe Process Id: 1444 EPROCESS Address: 0x865AB460
Process: C:\WINDOWS\system32\BRSVC01A.EXE Process Id: 1576 EPROCESS Address: 0x864CD348
Process: C:\WINDOWS\system32\spoolsv.exe Process Id: 1676 EPROCESS Address: 0x86437AA0
Process: C:\WINDOWS\system32\BRSS01A.EXE Process Id: 1692 EPROCESS Address: 0x86448950
==============================================
>Drivers
Driver: ati3duag.dll Address: 0xBFA57000 Size: 2232320 bytes
Driver: ntoskrnl.exe Address: 0x804D4000 Size: 2045824 bytes
Driver: PnpManager Address: 0x804D4000 Size: 2045824 bytes
Driver: RAW Address: 0x804D4000 Size: 2045824 bytes
Driver: WMIxWDM Address: 0x804D4000 Size: 2045824 bytes
Driver: Win32k Address: 0xBF800000 Size: 1814528 bytes
Driver: win32k.sys Address: 0xBF800000 Size: 1814528 bytes
Driver: ati2mtag.sys Address: 0xF74EF000 Size: 1019904 bytes
Driver: Ntfs.sys Address: 0xF76C2000 Size: 565248 bytes
Driver: ativvaxx.dll Address: 0xBFC78000 Size: 442368 bytes
Driver: mrxsmb.sys Address: 0xEF086000 Size: 409600 bytes
Driver: cmaudio.sys Address: 0xF741A000 Size: 380928 bytes
Driver: tcpip.sys Address: 0xEF139000 Size: 335872 bytes
Driver: srv.sys Address: 0xEC782000 Size: 331776 bytes
Driver: ati2dvag.dll Address: 0xBF9BB000 Size: 241664 bytes
Driver: atikvmag.dll Address: 0xBFA26000 Size: 200704 bytes
Driver: ati2cqag.dll Address: 0xBF9F6000 Size: 196608 bytes
Driver: rdpdr.sys Address: 0xF72DD000 Size: 184320 bytes
Driver: ACPI.sys Address: 0xF77E1000 Size: 180224 bytes
Driver: mrxdav.sys Address: 0xEC8EB000 Size: 176128 bytes
Driver: NDIS.sys Address: 0xF7699000 Size: 167936 bytes
Driver: rdbss.sys Address: 0xEF0EA000 Size: 163840 bytes
Driver: netbt.sys Address: 0xEF112000 Size: 159744 bytes
Driver: dmio.sys Address: 0xF779E000 Size: 147456 bytes
Driver: Fastfat.SYS Address: 0xEF062000 Size: 147456 bytes
Driver: update.sys Address: 0xF72BB000 Size: 139264 bytes
Driver: USBPORT.SYS Address: 0xF7477000 Size: 139264 bytes
Driver: afd.sys Address: 0xECEC3000 Size: 135168 bytes
Driver: portcls.sys Address: 0xF73F9000 Size: 135168 bytes
Driver: ks.sys Address: 0xF7499000 Size: 131072 bytes
Driver: ACPI_HAL Address: 0x806C8000 Size: 127872 bytes
Driver: hal.dll Address: 0x806C8000 Size: 127872 bytes
Driver: ftdisk.sys Address: 0xF77C2000 Size: 126976 bytes
Driver: Mup.sys Address: 0xF767F000 Size: 106496 bytes
Driver: SCSIPORT.SYS Address: 0xF7776000 Size: 94208 bytes
Driver: atapi.sys Address: 0xF7760000 Size: 90112 bytes
Driver: dump_atapi.sys Address: 0xEF024000 Size: 90112 bytes
Driver: ndiswan.sys Address: 0xF73BB000 Size: 90112 bytes
Driver: ipnat.sys Address: 0xEC58E000 Size: 81920 bytes
Driver: KSecDD.sys Address: 0xF774C000 Size: 81920 bytes
Driver: parport.sys Address: 0xF74CA000 Size: 77824 bytes
Driver: wdmaud.sys Address: 0xECAF0000 Size: 77824 bytes
Driver: VIDEOPRT.SYS Address: 0xF74DD000 Size: 73728 bytes
Driver: dxg.sys Address: 0xBFF80000 Size: 69632 bytes
Driver: LMouFlt2.Sys Address: 0xF74B9000 Size: 69632 bytes
Driver: precsim.sys Address: 0xF778D000 Size: 69632 bytes
Driver: psched.sys Address: 0xF730A000 Size: 69632 bytes
Driver: avgntdd.sys Address: 0xF794E000 Size: 65536 bytes
Driver: pci.sys Address: 0xF782E000 Size: 65536 bytes
Driver: serial.sys Address: 0xF7A0E000 Size: 65536 bytes
Driver: Udfs.SYS Address: 0xF799E000 Size: 65536 bytes
Driver: Cdfs.SYS Address: 0xECE0B000 Size: 61440 bytes
Driver: drmk.sys Address: 0xF7A6E000 Size: 61440 bytes
Driver: ipsec.sys Address: 0xF795E000 Size: 61440 bytes
Driver: redbook.sys Address: 0xF7A4E000 Size: 61440 bytes
Driver: sysaudio.sys Address: 0xECC03000 Size: 57344 bytes
Driver: i8042prt.sys Address: 0xF7A1E000 Size: 53248 bytes
Driver: usbhub.sys Address: 0xF793E000 Size: 53248 bytes
Driver: VolSnap.sys Address: 0xF785E000 Size: 53248 bytes
Driver: cdrom.sys Address: 0xF7A3E000 Size: 49152 bytes
Driver: CLASSPNP.SYS Address: 0xF787E000 Size: 49152 bytes
Driver: L8042pr2.Sys Address: 0xF7A2E000 Size: 49152 bytes
Driver: rasl2tp.sys Address: 0xF7A8E000 Size: 49152 bytes
Driver: raspptp.sys Address: 0xF78BE000 Size: 49152 bytes
Driver: dlkfet5b.sys Address: 0xF7A7E000 Size: 40960 bytes
Driver: Imapi.SYS Address: 0xF7A5E000 Size: 40960 bytes
Driver: MountMgr.sys Address: 0xF784E000 Size: 40960 bytes
Driver: NDProxy.SYS Address: 0xF78EE000 Size: 40960 bytes
Driver: raspppoe.sys Address: 0xF7A9E000 Size: 40960 bytes
Driver: termdd.sys Address: 0xF78DE000 Size: 40960 bytes
Driver: avgntmgr.sys Address: 0xF788E000 Size: 36864 bytes
Driver: disk.sys Address: 0xF786E000 Size: 36864 bytes
Driver: Fips.SYS Address: 0xF797E000 Size: 36864 bytes
Driver: isapnp.sys Address: 0xF783E000 Size: 36864 bytes
Driver: msgpc.sys Address: 0xF78CE000 Size: 36864 bytes
Driver: netbios.sys Address: 0xF796E000 Size: 36864 bytes
Driver: processr.sys Address: 0xF79FE000 Size: 36864 bytes
Driver: wanarp.sys Address: 0xF798E000 Size: 36864 bytes
Driver: Npfs.SYS Address: 0xF7B4E000 Size: 32768 bytes
Driver: fdc.sys Address: 0xF7AF6000 Size: 28672 bytes
Driver: sisagp.sys Address: 0xF7AC6000 Size: 28672 bytes
Driver: usbprint.sys Address: 0xF7B5E000 Size: 28672 bytes
Driver: kbdclass.sys Address: 0xF7AFE000 Size: 24576 bytes
Driver: mouclass.sys Address: 0xF7B06000 Size: 24576 bytes
Driver: PCIIDEX.SYS Address: 0xF7AAE000 Size: 24576 bytes
Driver: rkhdrv31.SYS Address: 0xF7BDE000 Size: 24576 bytes
Driver: BrPar.sys Address: 0xF7B9E000 Size: 20480 bytes
Driver: flpydisk.sys Address: 0xF7B2E000 Size: 20480 bytes
Driver: Msfs.SYS Address: 0xF7B46000 Size: 20480 bytes
Driver: PartMgr.sys Address: 0xF7AB6000 Size: 20480 bytes
Driver: ptilink.sys Address: 0xF7B1E000 Size: 20480 bytes
Driver: PxHelp20.sys Address: 0xF7ABE000 Size: 20480 bytes
Driver: raspti.sys Address: 0xF7B26000 Size: 20480 bytes
Driver: usbehci.sys Address: 0xF7B0E000 Size: 20480 bytes
Driver: vga.sys Address: 0xF7B3E000 Size: 20480 bytes
Driver: serenum.sys Address: 0xF7CF6000 Size: 16384 bytes
Driver: TDI.SYS Address: 0xF7D12000 Size: 16384 bytes
Driver: usbohci.sys Address: 0xF7D0A000 Size: 16384 bytes
Driver: usbscan.sys Address: 0xF73ED000 Size: 16384 bytes
Driver: watchdog.sys Address: 0xF73D9000 Size: 16384 bytes
Driver: BOOTVID.dll Address: 0xF7C3E000 Size: 12288 bytes
Driver: Dxapi.sys Address: 0xF73D5000 Size: 12288 bytes
Driver: gameenum.sys Address: 0xF763B000 Size: 12288 bytes
Driver: GVCplDrv.SYS Address: 0xEC9BE000 Size: 12288 bytes
Driver: itchfltr.sys Address: 0xF7CFA000 Size: 12288 bytes
Driver: ndistapi.sys Address: 0xF7D0E000 Size: 12288 bytes
Driver: ndisuio.sys Address: 0xECF50000 Size: 12288 bytes
Driver: pfc.sys Address: 0xF7CFE000 Size: 12288 bytes
Driver: rasacd.sys Address: 0xF7CD2000 Size: 12288 bytes
Driver: Beep.SYS Address: 0xF7D52000 Size: 8192 bytes
Driver: dmload.sys Address: 0xF7D32000 Size: 8192 bytes
Driver: dump_WMILIB.SYS Address: 0xF7D5C000 Size: 8192 bytes
Driver: Fs_Rec.SYS Address: 0xF7D50000 Size: 8192 bytes
Driver: KDCOM.DLL Address: 0xF7D2E000 Size: 8192 bytes
Driver: mnmdd.SYS Address: 0xF7D54000 Size: 8192 bytes
Driver: ParVdm.SYS Address: 0xF7D6A000 Size: 8192 bytes
Driver: RDPCDD.sys Address: 0xF7D56000 Size: 8192 bytes
Driver: siside.sys Address: 0xF7D34000 Size: 8192 bytes
Driver: USBD.SYS Address: 0xF7D4E000 Size: 8192 bytes
Driver: WMILIB.SYS Address: 0xF7D30000 Size: 8192 bytes
Driver: aslm75.sys Address: 0xF7EFA000 Size: 4096 bytes
Driver: audstub.sys Address: 0xF7F73000 Size: 4096 bytes
Driver: dxgthk.sys Address: 0xF7F36000 Size: 4096 bytes
Driver: Null.SYS Address: 0xF7EAB000 Size: 4096 bytes
Driver: pciide.sys Address: 0xF7DF6000 Size: 4096 bytes
Driver: swenum.sys Address: 0xF7E98000 Size: 4096 bytes
Driver: ?_unknown_code_page_? Address: 0x867DF00C Size: 4084 bytes
Driver: ?_unknown_code_page_? Address: 0x867DF01C Size: 4068 bytes
Driver: ?_unknown_code_page_? Address: 0x867DD96E Size: 1682 bytes
==============================================
>Files
==============================================
>Hooks
[1540]explorer.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump at address 0x77DD85D5 hook handler located in [prn.cwj]
[1540]explorer.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump at address 0x77DAB8E9 hook handler located in [prn.cwj]
[1540]explorer.exe-->advapi32.dll-->CreateProcessWithLogonW, Type: Inline - RelativeJump at address 0x77DDBE1E hook handler located in [prn.cwj]
[1540]explorer.exe-->advapi32.dll-->GetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC5B8E hook handler located in [prn.cwj]
[1540]explorer.exe-->advapi32.dll-->RegSetValueA, Type: Inline - RelativeJump at address 0x77DB224D hook handler located in [prn.cwj]
[1540]explorer.exe-->advapi32.dll-->RegSetValueW, Type: Inline - RelativeJump at address 0x77DC5BED hook handler located in [prn.cwj]
[1540]explorer.exe-->advapi32.dll-->SetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC6D69 hook handler located in [prn.cwj]
[1540]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x77E41BBC hook handler located in [prn.cwj]
[1540]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x77E41B8E hook handler located in [prn.cwj]
[1540]explorer.exe-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump at address 0x77E598FD hook handler located in [prn.cwj]
[1540]explorer.exe-->kernel32.dll-->FindFirstFileW, Type: Inline - RelativeJump at address 0x77E5EB62 hook handler located in [prn.cwj]
[1540]explorer.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump at address 0x77E5E68C hook handler located in [prn.cwj]
[1540]explorer.exe-->kernel32.dll-->GetBinaryTypeW, Type: Inline - RelativeJump at address 0x77E989C6 hook handler located in [prn.cwj]
[1540]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump at address 0x77E5B332 hook handler located in [prn.cwj]
[1540]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump at address 0x77E5D961 hook handler located in [prn.cwj]
[1540]explorer.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump at address 0x77E513A2 hook handler located in [prn.cwj]
[1540]explorer.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump at address 0x77E52B38 hook handler located in [prn.cwj]
[1540]explorer.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump at address 0x77E41A94 hook handler located in [prn.cwj]
[1540]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x77F45669 hook handler located in [prn.cwj]
[1540]explorer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x77F457F8 hook handler located in [prn.cwj]
[1540]explorer.exe-->ntdll.dll-->NtQueryDefaultLocale, Type: Inline - RelativeJump at address 0x77F65FAE hook handler located in [prn.cwj]
[1540]explorer.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeJump at address 0x77F66008 hook handler located in [prn.cwj]
[1540]explorer.exe-->ntdll.dll-->NtQuerySystemEnvironmentValue, Type: Inline - RelativeJump at address 0x77F66152 hook handler located in [prn.cwj]
[1540]explorer.exe-->ntdll.dll-->NtReadFileScatter, Type: Inline - RelativeJump at address 0x77F66215 hook handler located in [prn.cwj]
[1540]explorer.exe-->ntdll.dll-->NtUnlockVirtualMemory, Type: Inline - RelativeJump at address 0x77F666E1 hook handler located in [prn.cwj]
[1540]explorer.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - RelativeJump at address 0x77F66768 hook handler located in [prn.cwj]
[1876]AsusProb.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump at address 0x77DD85D5 hook handler located in [prn.cwj]
[1876]AsusProb.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump at address 0x77DAB8E9 hook handler located in [prn.cwj]
[1876]AsusProb.exe-->advapi32.dll-->CreateProcessWithLogonW, Type: Inline - RelativeJump at address 0x77DDBE1E hook handler located in [prn.cwj]
[1876]AsusProb.exe-->advapi32.dll-->GetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC5B8E hook handler located in [prn.cwj]
[1876]AsusProb.exe-->advapi32.dll-->RegSetValueA, Type: Inline - RelativeJump at address 0x77DB224D hook handler located in [prn.cwj]
[1876]AsusProb.exe-->advapi32.dll-->RegSetValueW, Type: Inline - RelativeJump at address 0x77DC5BED hook handler located in [prn.cwj]
[1876]AsusProb.exe-->advapi32.dll-->SetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC6D69 hook handler located in [prn.cwj]
[1876]AsusProb.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x77E41BBC hook handler located in [prn.cwj]
[1876]AsusProb.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x77E41B8E hook handler located in [prn.cwj]
[1876]AsusProb.exe-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump at address 0x77E598FD hook handler located in [prn.cwj]
[1876]AsusProb.exe-->kernel32.dll-->FindFirstFileW, Type: Inline - RelativeJump at address 0x77E5EB62 hook handler located in [prn.cwj]
[1876]AsusProb.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump at address 0x77E5E68C hook handler located in [prn.cwj]
[1876]AsusProb.exe-->kernel32.dll-->GetBinaryTypeW, Type: Inline - RelativeJump at address 0x77E989C6 hook handler located in [prn.cwj]
[1876]AsusProb.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump at address 0x77E5B332 hook handler located in [prn.cwj]
[1876]AsusProb.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump at address 0x77E5D961 hook handler located in [prn.cwj]
[1876]AsusProb.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump at address 0x77E513A2 hook handler located in [prn.cwj]
[1876]AsusProb.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump at address 0x77E52B38 hook handler located in [prn.cwj]
[1876]AsusProb.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump at address 0x77E41A94 hook handler located in [prn.cwj]
[1876]AsusProb.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x77F45669 hook handler located in [prn.cwj]
[1876]AsusProb.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x77F457F8 hook handler located in [prn.cwj]
[1876]AsusProb.exe-->ntdll.dll-->NtQueryDefaultLocale, Type: Inline - RelativeJump at address 0x77F65FAE hook handler located in [prn.cwj]
[1876]AsusProb.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeJump at address 0x77F66008 hook handler located in [prn.cwj]
[1876]AsusProb.exe-->ntdll.dll-->NtQuerySystemEnvironmentValue, Type: Inline - RelativeJump at address 0x77F66152 hook handler located in [prn.cwj]
[1876]AsusProb.exe-->ntdll.dll-->NtReadFileScatter, Type: Inline - RelativeJump at address 0x77F66215 hook handler located in [prn.cwj]
[1876]AsusProb.exe-->ntdll.dll-->NtUnlockVirtualMemory, Type: Inline - RelativeJump at address 0x77F666E1 hook handler located in [prn.cwj]
[1876]AsusProb.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - RelativeJump at address 0x77F66768 hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump at address 0x77DD85D5 hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump at address 0x77DAB8E9 hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->advapi32.dll-->CreateProcessWithLogonW, Type: Inline - RelativeJump at address 0x77DDBE1E hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->advapi32.dll-->GetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC5B8E hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->advapi32.dll-->RegSetValueA, Type: Inline - RelativeJump at address 0x77DB224D hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->advapi32.dll-->RegSetValueW, Type: Inline - RelativeJump at address 0x77DC5BED hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->advapi32.dll-->SetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC6D69 hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x77E41BBC hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x77E41B8E hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump at address 0x77E598FD hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->kernel32.dll-->FindFirstFileW, Type: Inline - RelativeJump at address 0x77E5EB62 hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump at address 0x77E5E68C hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->kernel32.dll-->GetBinaryTypeW, Type: Inline - RelativeJump at address 0x77E989C6 hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump at address 0x77E5B332 hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump at address 0x77E5D961 hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump at address 0x77E513A2 hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump at address 0x77E52B38 hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump at address 0x77E41A94 hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x77F45669 hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x77F457F8 hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->ntdll.dll-->NtQueryDefaultLocale, Type: Inline - RelativeJump at address 0x77F65FAE hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeJump at address 0x77F66008 hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->ntdll.dll-->NtQuerySystemEnvironmentValue, Type: Inline - RelativeJump at address 0x77F66152 hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->ntdll.dll-->NtReadFileScatter, Type: Inline - RelativeJump at address 0x77F66215 hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->ntdll.dll-->NtUnlockVirtualMemory, Type: Inline - RelativeJump at address 0x77F666E1 hook handler located in [prn.cwj]
[1884]atiptaxx.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - RelativeJump at address 0x77F66768 hook handler located in [prn.cwj]
[1900]iTouch.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump at address 0x77DD85D5 hook handler located in [prn.cwj]
[1900]iTouch.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump at address 0x77DAB8E9 hook handler located in [prn.cwj]
[1900]iTouch.exe-->advapi32.dll-->CreateProcessWithLogonW, Type: Inline - RelativeJump at address 0x77DDBE1E hook handler located in [prn.cwj]
[1900]iTouch.exe-->advapi32.dll-->GetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC5B8E hook handler located in [prn.cwj]
[1900]iTouch.exe-->advapi32.dll-->RegSetValueA, Type: Inline - RelativeJump at address 0x77DB224D hook handler located in [prn.cwj]
[1900]iTouch.exe-->advapi32.dll-->RegSetValueW, Type: Inline - RelativeJump at address 0x77DC5BED hook handler located in [prn.cwj]
[1900]iTouch.exe-->advapi32.dll-->SetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC6D69 hook handler located in [prn.cwj]
[1900]iTouch.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x77E41BBC hook handler located in [prn.cwj]
[1900]iTouch.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x77E41B8E hook handler located in [prn.cwj]
[1900]iTouch.exe-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump at address 0x77E598FD hook handler located in [prn.cwj]
[1900]iTouch.exe-->kernel32.dll-->FindFirstFileW, Type: Inline - RelativeJump at address 0x77E5EB62 hook handler located in [prn.cwj]
[1900]iTouch.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump at address 0x77E5E68C hook handler located in [prn.cwj]
[1900]iTouch.exe-->kernel32.dll-->GetBinaryTypeW, Type: Inline - RelativeJump at address 0x77E989C6 hook handler located in [prn.cwj]
[1900]iTouch.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump at address 0x77E5B332 hook handler located in [prn.cwj]
[1900]iTouch.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump at address 0x77E5D961 hook handler located in [prn.cwj]
[1900]iTouch.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump at address 0x77E513A2 hook handler located in [prn.cwj]
[1900]iTouch.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump at address 0x77E52B38 hook handler located in [prn.cwj]
[1900]iTouch.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump at address 0x77E41A94 hook handler located in [prn.cwj]
[1900]iTouch.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x77F45669 hook handler located in [prn.cwj]
[1900]iTouch.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x77F457F8 hook handler located in [prn.cwj]
[1900]iTouch.exe-->ntdll.dll-->NtQueryDefaultLocale, Type: Inline - RelativeJump at address 0x77F65FAE hook handler located in [prn.cwj]
[1900]iTouch.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeJump at address 0x77F66008 hook handler located in [prn.cwj]
[1900]iTouch.exe-->ntdll.dll-->NtQuerySystemEnvironmentValue, Type: Inline - RelativeJump at address 0x77F66152 hook handler located in [prn.cwj]
[1900]iTouch.exe-->ntdll.dll-->NtReadFileScatter, Type: Inline - RelativeJump at address 0x77F66215 hook handler located in [prn.cwj]
[1900]iTouch.exe-->ntdll.dll-->NtUnlockVirtualMemory, Type: Inline - RelativeJump at address 0x77F666E1 hook handler located in [prn.cwj]
[1900]iTouch.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - RelativeJump at address 0x77F66768 hook handler located in [prn.cwj]
[1916]avgnt.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump at address 0x77DD85D5 hook handler located in [prn.cwj]
[1916]avgnt.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump at address 0x77DAB8E9 hook handler located in [prn.cwj]
[1916]avgnt.exe-->advapi32.dll-->CreateProcessWithLogonW, Type: Inline - RelativeJump at address 0x77DDBE1E hook handler located in [prn.cwj]
[1916]avgnt.exe-->advapi32.dll-->GetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC5B8E hook handler located in [prn.cwj]
[1916]avgnt.exe-->advapi32.dll-->RegSetValueA, Type: Inline - RelativeJump at address 0x77DB224D hook handler located in [prn.cwj]
[1916]avgnt.exe-->advapi32.dll-->RegSetValueW, Type: Inline - RelativeJump at address 0x77DC5BED hook handler located in [prn.cwj]
[1916]avgnt.exe-->advapi32.dll-->SetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC6D69 hook handler located in [prn.cwj]
[1916]avgnt.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x77E41BBC hook handler located in [prn.cwj]
[1916]avgnt.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x77E41B8E hook handler located in [prn.cwj]
[1916]avgnt.exe-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump at address 0x77E598FD hook handler located in [prn.cwj]
[1916]avgnt.exe-->kernel32.dll-->FindFirstFileW, Type: Inline - RelativeJump at address 0x77E5EB62 hook handler located in [prn.cwj]
[1916]avgnt.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump at address 0x77E5E68C hook handler located in [prn.cwj]
[1916]avgnt.exe-->kernel32.dll-->GetBinaryTypeW, Type: Inline - RelativeJump at address 0x77E989C6 hook handler located in [prn.cwj]
[1916]avgnt.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump at address 0x77E5B332 hook handler located in [prn.cwj]
[1916]avgnt.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump at address 0x77E5D961 hook handler located in [prn.cwj]
[1916]avgnt.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump at address 0x77E513A2 hook handler located in [prn.cwj]
[1916]avgnt.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump at address 0x77E52B38 hook handler located in [prn.cwj]
[1916]avgnt.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump at address 0x77E41A94 hook handler located in [prn.cwj]
[1916]avgnt.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x77F45669 hook handler located in [prn.cwj]
[1916]avgnt.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x77F457F8 hook handler located in [prn.cwj]
[1916]avgnt.exe-->ntdll.dll-->NtQueryDefaultLocale, Type: Inline - RelativeJump at address 0x77F65FAE hook handler located in [prn.cwj]
[1916]avgnt.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeJump at address 0x77F66008 hook handler located in [prn.cwj]
[1916]avgnt.exe-->ntdll.dll-->NtQuerySystemEnvironmentValue, Type: Inline - RelativeJump at address 0x77F66152 hook handler located in [prn.cwj]
[1916]avgnt.exe-->ntdll.dll-->NtReadFileScatter, Type: Inline - RelativeJump at address 0x77F66215 hook handler located in [prn.cwj]
[1916]avgnt.exe-->ntdll.dll-->NtUnlockVirtualMemory, Type: Inline - RelativeJump at address 0x77F666E1 hook handler located in [prn.cwj]
[1916]avgnt.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - RelativeJump at address 0x77F66768 hook handler located in [prn.cwj]
[1928]mmtask.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump at address 0x77DD85D5 hook handler located in [prn.cwj]
[1928]mmtask.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump at address 0x77DAB8E9 hook handler located in [prn.cwj]
[1928]mmtask.exe-->advapi32.dll-->CreateProcessWithLogonW, Type: Inline - RelativeJump at address 0x77DDBE1E hook handler located in [prn.cwj]
[1928]mmtask.exe-->advapi32.dll-->GetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC5B8E hook handler located in [prn.cwj]
[1928]mmtask.exe-->advapi32.dll-->RegSetValueA, Type: Inline - RelativeJump at address 0x77DB224D hook handler located in [prn.cwj]
[1928]mmtask.exe-->advapi32.dll-->RegSetValueW, Type: Inline - RelativeJump at address 0x77DC5BED hook handler located in [prn.cwj]
[1928]mmtask.exe-->advapi32.dll-->SetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC6D69 hook handler located in [prn.cwj]
[1928]mmtask.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x77E41BBC hook handler located in [prn.cwj]
[1928]mmtask.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x77E41B8E hook handler located in [prn.cwj]
[1928]mmtask.exe-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump at address 0x77E598FD hook handler located in [prn.cwj]
[1928]mmtask.exe-->kernel32.dll-->FindFirstFileW, Type: Inline - RelativeJump at address 0x77E5EB62 hook handler located in [prn.cwj]
[1928]mmtask.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump at address 0x77E5E68C hook handler located in [prn.cwj]
[1928]mmtask.exe-->kernel32.dll-->GetBinaryTypeW, Type: Inline - RelativeJump at address 0x77E989C6 hook handler located in [prn.cwj]
[1928]mmtask.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump at address 0x77E5B332 hook handler located in [prn.cwj]
[1928]mmtask.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump at address 0x77E5D961 hook handler located in [prn.cwj]
[1928]mmtask.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump at address 0x77E513A2 hook handler located in [prn.cwj]
[1928]mmtask.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump at address 0x77E52B38 hook handler located in [prn.cwj]
[1928]mmtask.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump at address 0x77E41A94 hook handler located in [prn.cwj]
[1928]mmtask.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x77F45669 hook handler located in [prn.cwj]
[1928]mmtask.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x77F457F8 hook handler located in [prn.cwj]
[1928]mmtask.exe-->ntdll.dll-->NtQueryDefaultLocale, Type: Inline - RelativeJump at address 0x77F65FAE hook handler located in [prn.cwj]
[1928]mmtask.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeJump at address 0x77F66008 hook handler located in [prn.cwj]
[1928]mmtask.exe-->ntdll.dll-->NtQuerySystemEnvironmentValue, Type: Inline - RelativeJump at address 0x77F66152 hook handler located in [prn.cwj]
[1928]mmtask.exe-->ntdll.dll-->NtReadFileScatter, Type: Inline - RelativeJump at address 0x77F66215 hook handler located in [prn.cwj]
[1928]mmtask.exe-->ntdll.dll-->NtUnlockVirtualMemory, Type: Inline - RelativeJump at address 0x77F666E1 hook handler located in [prn.cwj]
[1928]mmtask.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - RelativeJump at address 0x77F66768 hook handler located in [prn.cwj]
[1944]mixer.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump at address 0x77DD85D5 hook handler located in [prn.cwj]
[1944]mixer.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump at address 0x77DAB8E9 hook handler located in [prn.cwj]
[1944]mixer.exe-->advapi32.dll-->CreateProcessWithLogonW, Type: Inline - RelativeJump at address 0x77DDBE1E hook handler located in [prn.cwj]
[1944]mixer.exe-->advapi32.dll-->GetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC5B8E hook handler located in [prn.cwj]
[1944]mixer.exe-->advapi32.dll-->RegSetValueA, Type: Inline - RelativeJump at address 0x77DB224D hook handler located in [prn.cwj]
[1944]mixer.exe-->advapi32.dll-->RegSetValueW, Type: Inline - RelativeJump at address 0x77DC5BED hook handler located in [prn.cwj]
[1944]mixer.exe-->advapi32.dll-->SetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC6D69 hook handler located in [prn.cwj]
[1944]mixer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x77E41BBC hook handler located in [prn.cwj]
[1944]mixer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x77E41B8E hook handler located in [prn.cwj]
[1944]mixer.exe-->kernel32.dll-->DeleteFileA, Type: IAT modification at address 0x0044219C hook handler located in [prn.cwj]
[1944]mixer.exe-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump at address 0x77E598FD hook handler located in [prn.cwj]
[1944]mixer.exe-->kernel32.dll-->FindFirstFileW, Type: Inline - RelativeJump at address 0x77E5EB62 hook handler located in [prn.cwj]
[1944]mixer.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump at address 0x77E5E68C hook handler located in [prn.cwj]
[1944]mixer.exe-->kernel32.dll-->GetBinaryTypeW, Type: Inline - RelativeJump at address 0x77E989C6 hook handler located in [prn.cwj]
[1944]mixer.exe-->kernel32.dll-->GetFileAttributesA, Type: IAT modification at address 0x0044222C hook handler located in [prn.cwj]
[1944]mixer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump at address 0x77E5B332 hook handler located in [prn.cwj]
[1944]mixer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump at address 0x77E5D961 hook handler located in [prn.cwj]
[1944]mixer.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump at address 0x77E513A2 hook handler located in [prn.cwj]
[1944]mixer.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump at address 0x77E52B38 hook handler located in [prn.cwj]
[1944]mixer.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump at address 0x77E41A94 hook handler located in [prn.cwj]
[1944]mixer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x77F45669 hook handler located in [prn.cwj]
[1944]mixer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x77F457F8 hook handler located in [prn.cwj]
[1944]mixer.exe-->ntdll.dll-->NtQueryDefaultLocale, Type: Inline - RelativeJump at address 0x77F65FAE hook handler located in [prn.cwj]
[1944]mixer.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeJump at address 0x77F66008 hook handler located in [prn.cwj]
[1944]mixer.exe-->ntdll.dll-->NtQuerySystemEnvironmentValue, Type: Inline - RelativeJump at address 0x77F66152 hook handler located in [prn.cwj]
[1944]mixer.exe-->ntdll.dll-->NtReadFileScatter, Type: Inline - RelativeJump at address 0x77F66215 hook handler located in [prn.cwj]
[1944]mixer.exe-->ntdll.dll-->NtUnlockVirtualMemory, Type: Inline - RelativeJump at address 0x77F666E1 hook handler located in [prn.cwj]
[1944]mixer.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - RelativeJump at address 0x77F66768 hook handler located in [prn.cwj]
[1964]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump at address 0x77DD85D5 hook handler located in [prn.cwj]
[1964]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump at address 0x77DAB8E9 hook handler located in [prn.cwj]
[1964]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateProcessWithLogonW, Type: Inline - RelativeJump at address 0x77DDBE1E hook handler located in [prn.cwj]
[1964]GoogleToolbarNotifier.exe-->advapi32.dll-->GetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC5B8E hook handler located in [prn.cwj]
[1964]GoogleToolbarNotifier.exe-->advapi32.dll-->RegSetValueA, Type: Inline - RelativeJump at address 0x77DB224D hook handler located in [prn.cwj]
[1964]GoogleToolbarNotifier.exe-->advapi32.dll-->RegSetValueW, Type: Inline - RelativeJump at address 0x77DC5BED hook handler located in [prn.cwj]
[1964]GoogleToolbarNotifier.exe-->advapi32.dll-->SetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC6D69 hook handler located in [prn.cwj]
[1964]GoogleToolbarNotifier.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x77E41BBC hook handler located in [prn.cwj]
[1964]GoogleToolbarNotifier.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x77E41B8E hook handler located in [prn.cwj]
[1964]GoogleToolbarNotifier.exe-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump at address 0x77E598FD hook handler located in [prn.cwj]
[1964]GoogleToolbarNotifier.exe-->kernel32.dll-->FindFirstFileW, Type: Inline - RelativeJump at address 0x77E5EB62 hook handler located in [prn.cwj]
[1964]GoogleToolbarNotifier.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump at address 0x77E5E68C hook handler located in [prn.cwj] [1964]GoogleToolbarNotifier.exe-->kernel32.dll-->GetBinaryTypeW, Type: Inline - RelativeJump at address 0x77E989C6 hook handler located in [prn.cwj] [1964]GoogleToolbarNotifier.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump at address 0x77E5B332 hook handler located in [prn.cwj] [1964]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump at address 0x77E5D961 hook handler located in [prn.cwj] [1964]GoogleToolbarNotifier.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump at address 0x77E513A2 hook handler located in [prn.cwj] [1964]GoogleToolbarNotifier.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump at address 0x77E52B38 hook handler located in [prn.cwj] [1964]GoogleToolbarNotifier.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump at address 0x77E41A94 hook handler located in [prn.cwj] [1964]GoogleToolbarNotifier.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x77F45669 hook handler located in [prn.cwj] [1964]GoogleToolbarNotifier.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x77F457F8 hook handler located in [prn.cwj] [1964]GoogleToolbarNotifier.exe-->ntdll.dll-->NtQueryDefaultLocale, Type: Inline - RelativeJump at address 0x77F65FAE hook handler located in [prn.cwj] [1964]GoogleToolbarNotifier.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeJump at address 0x77F66008 hook handler located in [prn.cwj] [1964]GoogleToolbarNotifier.exe-->ntdll.dll-->NtQuerySystemEnvironmentValue, Type: Inline - RelativeJump at address 0x77F66152 hook handler located in [prn.cwj] [1964]GoogleToolbarNotifier.exe-->ntdll.dll-->NtReadFileScatter, Type: Inline - RelativeJump at address 0x77F66215 hook handler located in [prn.cwj] 
[1964]GoogleToolbarNotifier.exe-->ntdll.dll-->NtUnlockVirtualMemory, Type: Inline - RelativeJump at address 0x77F666E1 hook handler located in [prn.cwj] [1964]GoogleToolbarNotifier.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - RelativeJump at address 0x77F66768 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump at address 0x77DD85D5 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump at address 0x77DAB8E9 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->advapi32.dll-->CreateProcessWithLogonW, Type: Inline - RelativeJump at address 0x77DDBE1E hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->advapi32.dll-->GetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC5B8E hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->advapi32.dll-->RegSetValueA, Type: Inline - RelativeJump at address 0x77DB224D hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->advapi32.dll-->RegSetValueW, Type: Inline - RelativeJump at address 0x77DC5BED hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->advapi32.dll-->SetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC6D69 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x77E41BBC hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x77E41B8E hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->kernel32.dll-->DeleteFileA, Type: IAT modification at address 0x300010A8 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump at address 0x77E598FD hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->kernel32.dll-->FindFirstFileW, Type: Inline - RelativeJump at address 0x77E5EB62 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->kernel32.dll-->FreeLibrary, Type: Inline - 
RelativeJump at address 0x77E5E68C hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->kernel32.dll-->GetBinaryTypeW, Type: Inline - RelativeJump at address 0x77E989C6 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->kernel32.dll-->GetFileAttributesA, Type: IAT modification at address 0x3000106C hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump at address 0x77E5B332 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump at address 0x77E5D961 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->kernel32.dll-->LoadLibraryExA, Type: IAT modification at address 0x30001068 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump at address 0x77E513A2 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump at address 0x77E52B38 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump at address 0x77E41A94 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x77F45669 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x77F457F8 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->ntdll.dll-->NtQueryDefaultLocale, Type: Inline - RelativeJump at address 0x77F65FAE hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeJump at address 0x77F66008 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->ntdll.dll-->NtQuerySystemEnvironmentValue, Type: Inline - RelativeJump at address 0x77F66152 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->ntdll.dll-->NtReadFileScatter, Type: Inline - RelativeJump at address 0x77F66215 hook handler located in [prn.cwj] 
[244]MSOFFICE.EXE-->ntdll.dll-->NtUnlockVirtualMemory, Type: Inline - RelativeJump at address 0x77F666E1 hook handler located in [prn.cwj] [244]MSOFFICE.EXE-->ntdll.dll-->NtWriteFileGather, Type: Inline - RelativeJump at address 0x77F66768 hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump at address 0x77DD85D5 hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump at address 0x77DAB8E9 hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->advapi32.dll-->CreateProcessWithLogonW, Type: Inline - RelativeJump at address 0x77DDBE1E hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->advapi32.dll-->GetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC5B8E hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->advapi32.dll-->RegSetValueA, Type: Inline - RelativeJump at address 0x77DB224D hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->advapi32.dll-->RegSetValueW, Type: Inline - RelativeJump at address 0x77DC5BED hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->advapi32.dll-->SetFileSecurityA, Type: Inline - RelativeJump at address 0x77DC6D69 hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump at address 0x77E41BBC hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump at address 0x77E41B8E hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump at address 0x77E598FD hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->kernel32.dll-->FindFirstFileW, Type: Inline - RelativeJump at address 0x77E5EB62 hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump at address 0x77E5E68C hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->kernel32.dll-->GetBinaryTypeW, Type: Inline - RelativeJump at address 0x77E989C6 
hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump at address 0x77E5B332 hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump at address 0x77E5D961 hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump at address 0x77E513A2 hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump at address 0x77E52B38 hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump at address 0x77E41A94 hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x77F45669 hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x77F457F8 hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->ntdll.dll-->NtQueryDefaultLocale, Type: Inline - RelativeJump at address 0x77F65FAE hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeJump at address 0x77F66008 hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->ntdll.dll-->NtQuerySystemEnvironmentValue, Type: Inline - RelativeJump at address 0x77F66152 hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->ntdll.dll-->NtReadFileScatter, Type: Inline - RelativeJump at address 0x77F66215 hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->ntdll.dll-->NtUnlockVirtualMemory, Type: Inline - RelativeJump at address 0x77F666E1 hook handler located in [prn.cwj] [260]EM_EXEC.EXE-->ntdll.dll-->NtWriteFileGather, Type: Inline - RelativeJump at address 0x77F66768 hook handler located in [prn.cwj]