RealTime Service

You have clicked on

"RealTime Service" that belongs to "ALYac" made by "ESTsoft Corp"

Measures you can take regarding this program:

	Click this button to terminate the program. The program will be stopped and the system tray icon will disappear.
	Click this button to uninstall the program. The program will be removed from your computer following the proper uninstallation procedure.
	Click this button to remove this program from startup, so it will NOT get started every time you turn on your computer.

Technical information:
Icon status	No tray icon
Icon setting	Not in the system tray
Executable file	C:\Program Files\ESTsoft\ALYac\AYRTSrv.aye
Version	2, 5, 0, 16
Parent process	C:\WINDOWS\system32\services.exe
Can be uninstalled	Yes
Encrypted	No
Size on disk	346.8 Kb
Minimum recorded memory usage	67.3 Mb
Average recorded memory usage	67.3 Mb
Maximum recorded memory usage	67.3 Mb
Date when maximum memory usage occured	2012-03-14 �� 5:14:40
Minimum recorded CPU usage	0%
Average recorded CPU usage	0%
Maximum recorded CPU usage	0%
Date when maximum CPU usage occured	2012-03-14 �� 5:14:40
Started at	2012-03-14 �� 4:07:29
Total CPU time	46 seconds
Imported functions	[+] Imported from KERNEL32.dll [-] Imported from KERNEL32.dll GetCurrentProcessId SetEvent WaitForSingleObject MapViewOfFile OpenFileMappingW OpenEventW ReleaseMutex OpenMutexW CloseHandle UnmapViewOfFile CreateEventW GetCurrentThreadId OpenThread SetErrorMode QueueUserWorkItem GetLastError GetCurrentDirectoryW TerminateThread OutputDebugStringW CreateThread Sleep DeleteFileW GetVersionExW GetModuleHandleW GetProcAddress GetModuleFileNameW LoadLibraryW FreeLibrary SetCurrentDirectoryW IsBadStringPtrA GetCurrentProcess FindClose FindFirstFileW FindNextFileW SetUnhandledExceptionFilter CreateFileW TerminateProcess EnterCriticalSection LeaveCriticalSection SearchPathW MultiByteToWideChar SetLastError InitializeCriticalSection CreateFileMappingW ReadProcessMemory WriteProcessMemory VirtualAlloc DuplicateHandle VirtualFree VirtualProtectEx MapViewOfFileEx WideCharToMultiByte GetWindowsDirectoryW GetVolumeInformationW LocalAlloc LocalFree lstrcmpA FileTimeToLocalFileTime FileTimeToSystemTime GetFileAttributesW CreateMutexW CreateProcessW GetTickCount ProcessIdToSessionId DeleteCriticalSection InterlockedExchange GetSystemInfo RaiseException InterlockedCompareExchange UnhandledExceptionFilter IsDebuggerPresent QueryPerformanceCounter GetSystemTimeAsFileTime LoadLibraryA [+] Imported from MSVCP90.dll [-] Imported from MSVCP90.dll ??1?$basic_string@DU?$char_traits@D@std@... ??0?$basic_string@DU?$char_traits@D@std@... ??0?$basic_string@DU?$char_traits@D@std@... ??_D?$basic_stringstream@_WU?$char_trait... ?flush@?$basic_ostream@_WU?$char_traits@... ?setstate@?$basic_ios@_WU?$char_traits@_... ?_Unlock@?$basic_streambuf@_WU?$char_tra... ?_Lock@?$basic_streambuf@_WU?$char_trait... ?_Osfx@?$basic_ostream@_WU?$char_traits@... ?uncaught_exception@std@@YA_NXZ ?sputc@?$basic_streambuf@_WU?$char_trait... ?sputn@?$basic_streambuf@_WU?$char_trait... ?str@?$basic_stringstream@_WU?$char_trai... ??0?$basic_stringstream@_WU?$char_traits... ??6?$basic_ostream@_WU?$char_traits@_W@s... ??Y?$basic_string@_WU?$char_traits@_W@st... ??4?$basic_string@_WU?$char_traits@_W@st... ??4?$basic_string@_WU?$char_traits@_W@st... ??$?8_WU?$char_traits@_W@std@@V?$allocat... ?swap@?$basic_string@_WU?$char_traits@_W... ?deallocate@?$allocator@_W@std@@QAEXPA_W... ?allocate@?$allocator@_W@std@@QAEPA_WI@Z ?clear@?$basic_string@_WU?$char_traits@_... ?npos@?$basic_string@_WU?$char_traits@_W... ?_Tidy@?$basic_string@_WU?$char_traits@_... ?erase@?$basic_string@_WU?$char_traits@_... ??Y?$basic_string@_WU?$char_traits@_W@st... ??Y?$basic_string@_WU?$char_traits@_W@st... ?append@?$basic_string@_WU?$char_traits@... ?reserve@?$basic_string@_WU?$char_traits... ?replace@?$basic_string@_WU?$char_traits... ?substr@?$basic_string@_WU?$char_traits@... ?find@?$basic_string@_WU?$char_traits@_W... ?find@?$basic_string@_WU?$char_traits@_W... ?find@?$basic_string@_WU?$char_traits@_W... ?end@?$basic_string@_WU?$char_traits@_W@... ?begin@?$basic_string@_WU?$char_traits@_... ?replace@?$basic_string@_WU?$char_traits... ?replace@?$basic_string@_WU?$char_traits... ?rfind@?$basic_string@_WU?$char_traits@_... ?rfind@?$basic_string@_WU?$char_traits@_... ?rfind@?$basic_string@_WU?$char_traits@_... ??$?M_WU?$char_traits@_W@std@@V?$allocat... ??4?$basic_string@DU?$char_traits@D@std@... ??0?$basic_string@DU?$char_traits@D@std@... ??4?$basic_string@DU?$char_traits@D@std@... ?resize@?$basic_string@_WU?$char_traits@... ?reserve@?$basic_string@DU?$char_traits@... ?resize@?$basic_string@DU?$char_traits@D... ?begin@?$basic_string@DU?$char_traits@D@... ?begin@?$basic_string@_WU?$char_traits@_... ?assign@?$basic_string@_WU?$char_traits@... ?append@?$basic_string@_WU?$char_traits@... ?assign@?$basic_string@_WU?$char_traits@... ?rend@?$basic_string@_WU?$char_traits@_W... ?rbegin@?$basic_string@_WU?$char_traits@... ?end@?$basic_string@_WU?$char_traits@_W@... ?assign@?$basic_string@_WU?$char_traits@... ??$getline@_WU?$char_traits@_W@std@@V?$a... ??0?$basic_stringstream@_WU?$char_traits... ?at@?$basic_string@_WU?$char_traits@_W@s... ?global@locale@std@@SA?AV12@ABV12@@Z ??0locale@std@@QAE@PBDH@Z ??1locale@std@@QAE@XZ ?cout@std@@3V?$basic_ostream@DU?$char_tr... ?endl@std@@YAAAV?$basic_ostream@DU?$char... ?endl@std@@YAAAV?$basic_ostream@_WU?$cha... ?close@?$basic_fstream@_WU?$char_traits@... ?open@?$basic_fstream@_WU?$char_traits@_... ??0?$basic_fstream@_WU?$char_traits@_W@s... ?tellp@?$basic_ostream@_WU?$char_traits@... ?seekp@?$basic_ostream@_WU?$char_traits@... ??6?$basic_ostream@_WU?$char_traits@_W@s... ??6?$basic_ostream@DU?$char_traits@D@std... ??6?$basic_ostream@DU?$char_traits@D@std... ??_D?$basic_fstream@_WU?$char_traits@_W@... ??0?$basic_string@_WU?$char_traits@_W@st... ??0?$basic_string@_WU?$char_traits@_W@st... ??1?$basic_string@_WU?$char_traits@_W@st... ??0?$basic_string@_WU?$char_traits@_W@st... [+] Imported from MSVCR90.dll [-] Imported from MSVCR90.dll wcsncpy_s _vsnwprintf _invalid_parameter_noinfo _purecall wcsstr wcscpy_s memmove_s _beginthread exit wcsrchr _stricmp _wcsicmp wcstoul _beginthreadex wcsncmp _wcsnicmp wcsnlen strncpy strnlen _strnicmp _vsnwprintf_s memcpy_s memchr ??_V@YAXPAX@Z wcstol tolower iswspace srand _time64 rand swprintf_s fclose _wfsopen fwrite wprintf _ftime64_s _localtime64_s wcschr fputws _fsopen fputs _unlock __dllonexit _encode_pointer _lock _onexit _decode_pointer _amsg_exit __wgetmainargs _cexit _exit _XcptFilter __winitenv _initterm _initterm_e _configthreadlocale __setusermatherr _adjust_fdiv __p__commode __p__fmode __set_app_type _crt_debugger_hook ?terminate@@YAXXZ ?_type_info_dtor_internal_method@type_in... _except_handler4_common _invoke_watson _controlfp_s _CxxThrowException memcpy memset __CxxFrameHandler3 ??3@YAXPAX@Z ??0exception@std@@QAE@ABQBD@Z ?what@exception@std@@UBEPBDXZ ??0exception@std@@QAE@ABV01@@Z ??2@YAPAXI@Z ??1exception@std@@UAE@XZ ??0exception@std@@QAE@XZ _local_unwind4
Some relevant texts from the exe file	[+] Click here for more details [-] Click here to hide details http://www.altools.co.kr0 http://ocsp.verisign.com0 http://crl.verisign.com/pca3-g5.crl04 http://logo.verisign.com/vslogo.gif04 https://www.verisign.com/rpa0 https://www.verisign.com/cps0* /http://csc3-2010-aia.verisign.com/CSC3-2010.cer0 http://ocsp.verisign.com0; /http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D 0http://crl.verisign.com/ThawteTimestampingCA.crl0 http://crl.verisign.com/tss-ca.crl0 !This program cannot be run in DOS mode. ADVAPI32.dll SHELL32.dll CRYPT32.dll Global\POTATO_TRACETOOL_DATA_READY Global\POTATO_TRACETOOL_BUFFER_READY Global\POTATO_TRACETOOL_BUFFER Global\POTATO_TRACETOOL_MUTEX RealTimeSrv REALTIME_SRV_DESCRIPT_NAME REALTIME_SRV_REGIST_NAME Global\AYRTSrv_AYE Kernel32.dll KernelBase.dll User32.dll UpdateSrv Run Fail RealTimeService::OnServiceOperate invalid map/set<T> iterator bad allocation CONN_MOD_WATCH_MESSENGER TRAY_MUTEX_NAME realtimeMonitorUse firewallUse PRODUCT_PATH /enableWSCTrue /enableFWTrue SYSBACKUP_FOLDER @@REALTIME_WATCH_FOLDER WATCH_MODULE_LIST @CONN_MOD_REALTIME deque<T> too long @winsock.reg safe_mode.reg entControlSet\Services\WinSock2\Parameters SYSTEM\CurrentControlSet\Control\SafeBoot RegisterServiceCtrlHandlerExW ServiceManager::InstallService ServiceManager::StartServiceW ServiceManager::StopService GetModuleHandleA GetModuleFileNameA shlwapi.dll eeomres.dll GlobalSpaceMutex Global\GlobalSpaceShareMemV2 PROGRAM_FILES SYSTEM\CurrentControlSet\services\ALYac_AgentSrv ASM_FOLDER CERTIFICATE_COMPANY_NAME EXECUTABLE_FILE_EXTENTION @HKEY_LOCAL_MACHINE script.dll Initialize_ScriptData UnInitialize_ScriptData LoadScript_ScriptData RunScript_ScriptData ResetSetValue_ScriptData HasMoreSetValue_ScriptData GetNextSetValue_ScriptData Initialize LoadScript ResetSetValue HasMoreSetValue GetNextSetValue map/set<T> too long Uninitialize UpdateConfig @UTIL_FOLDER Environment Blackbox_ALYac_Finalize DBGHELP.DLL MiniDumpWriteDump FileVersion CompanyName WS2_32.DLL BaseThreadInitThunk api-ms-win-core-libraryloader-l1-1-0.dll LoadLibraryW LoadLibraryExW LoadLibraryA LoadLibraryExA GetProcessId NtQueryInformationProcess Global\AY_TRACE CONFIG_MODULE LoadConfig SaveUserConfig SaveUserConfig2 GetConfigTypeBool GetConfigTypeInt GetConfigTypeStr SetConfigTypeBool SetConfigTypeInt SetConfigTypeStr GetConfigRunmodeList GetConfigScheduleList SetConfigRunmodeList SetConfigScheduleList FreeRunmodeList FreeScheduleList LoadDataConfig SaveDataConfig GetDataTypeBool GetDataTypeInt SetDataTypeBool SetDataTypeInt LoadUserInfo SaveUserInfo GetUserInfo SetUserInfo GetAlyacProductType IsLicenseUpdate IsLicenseInvalid ShowLicenseMessage LoadLicenseInfo SaveLicenseInfo GetLicenseInfo SetLicenseInfo LoadAgentInfo SaveAgentInfo GetAgentInfoTypeBool GetAgentInfoTypeInt GetAgentInfoTypeStr SetAgentInfoTypeBool SetAgentInfoTypeInt SetAgentInfoTypeStr SetConfigLock SetConfigUnlock SetConfigUserLock SetConfigUserUnlock SetAgentLock SetAgentUnlock CheckFileChange GetLoadedFileRevision GetAgentListToString BackupDatFiles SaveAgentUserInfo ACONN_MODULE SendToModuleType StopRecvThread SetRecvWaitMode GetFileName GetFilePathNew2 GetFilePathNew GetFolderPathNew2 GetFolderPathNew GetFilePath2 GetFilePath GetFolderPath2 GetFolderPath GetPathVariableList GetPathVariable CryptDecodeObject failed with Unable to allocate memory for Publisher Info. Unable to allocate memory for timestamp info. ERROR_CATEGORY[0x TRACE_FILE_NAME EXCEPTION_REPORT_METHOD :\documents and settings SetProcessWorkingSetSize GetProcessWorkingSetSize EmptyWorkingSet ASeTcbPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeDebugPrivilege HKEY_CURRENT_CONFIG HKEY_USERS HKEY_CURRENT_USER HKEY_CLASSES_ROOT Windows Registry Editor Version 5.00 \regedit.exe WtsApi32.dll WTSGetActiveConsoleSessionId WTSQuerySessionInformationW WTSEnumerateSessionsW GetNativeSystemInfo Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Unknown Windows Server Unknown GetProductInfo Ultimate Edition Home Premium Edition Home Basic Edition Home Server Edition Enterprise Edition Business Edition Starter Edition Cluster Server Edition Datacenter Edition Datacenter Edition (core installation) Enterprise Edition (core installation) Enterprise Edition for Itanium-based Systems Small Business Server Small Business Server Premium Edition Server for Small Business Edition Standard Edition Standard Edition (core installation) Web Server Edition Web Server Edition (core installation) Storage Server Enterprise Edition Storage Server Express Edition Storage Server Standard Edition Storage Server Workgroup Edition Windows Server 2003 R2, Windows Storage Server 2003 Windows Home Server Windows XP Professional x64 Edition Windows Server 2003, Datacenter Edition for Itanium-based Systems Datacenter x64 Edition Enterprise x64 Edition Standard x64 Edition Compute Cluster Edition Web Edition Small Business Edition Home Edition Professional Workstation 4.0 Home Edition Professional Datacenter x64 Edition Enterprise x64 Edition Standard x64 Edition Datacenter Edition Enterprise Edition Web Edition Standard Edition Server 4.0, Enterprise Edition SYSTEM\CurrentControlSet\Control\ProductOptions ProductType Workstation Service Pack 6 Service Pack 6a (Build StartServiceCtrlDispatcherW SetServiceStatus OpenSCManagerW CreateServiceW CloseServiceHandle OpenServiceW InitializeSe curityDescriptor SetSecurityDescriptorDacl GetSecurityDescriptorSacl SetSecurityDescriptorSacl GetSecurityDescriptorDacl AllocateAndInitializeSid SetSecurityDescriptorOwner LookupPrivilegeValueW AdjustTokenPrivileges RegGetKeySecurity BuildTrusteeWithSidA SetEntriesInAclA RegSetKeySecurity RegEnumValueW RegQueryValueExW StartServiceW QueryServiceStatus ControlService EnumProcessModules GetModuleInformation GetModuleBaseNameW GetModuleFileNameExW CertGetNameStringW CertFreeCertificateContext CryptQueryObject CertFindCertificateInStore GetCurrentProcessId WaitForSingleObject MapViewOfFile OpenFileMappingW ReleaseMutex OpenMutexW CloseHandle UnmapViewOfFile GetCurrentThreadId OpenThread QueueUserWorkItem GetLastError GetCurrentDirectoryW TerminateThread OutputDebugStringW GetVersionExW GetModuleHandleW GetProcAddress GetModuleFileNameW FreeLibrary SetCurrentDirectoryW GetCurrentProcess SetUnhandledExceptionFilter CreateFileW TerminateProcess EnterCriticalSection LeaveCriticalSection MultiByteToWideChar SetLastError InitializeCriticalSection CreateFileMappingW ReadProcessMemory WriteProcessMemory VirtualAlloc DuplicateHandle VirtualFree VirtualProtectEx MapViewOfFileEx WideCharToMultiByte GetWindowsDirectoryW GetVolumeInformationW FileTimeToLocalFileTime FileTimeToSystemTime GetFileAttributesW CreateMutexW CreateProcessW GetTickCount ProcessIdToSessionId DeleteCriticalSection InterlockedExchange GetSystemInfo basic_string@_WU? allocator@_W@2@@std@@QAE@ABV01@@Z allocator@_W@2@@std@@QAE@XZ allocator@_W@2@@std@@QAE@PB_W@Z basic_string@DU? allocator@D@2@@std@@QAE@XZ allocator@D@2@@std@@QAE@ABV01@@Z allocator@D@2@@std@@QAE@PBD@Z basic_stringstream@_WU? allocator@_W@2@@std@@QAEXXZ basic_ostream@_WU? char_traits@_W@std@@@std@@QAEAAV12@XZ basic_ios@_WU? char_traits@_W@std@@@std@@QAEXH_N@Z basic_streambuf@_WU? char_traits@_W@std@@@std@@QAEXXZ ?uncaught_exception@std@@YA_NXZ char_traits@_W@std@@@std@@QAEG_W@Z char_traits@_W@std@@@std@@QAEHPB_WH@Z allocator@_W@2@@std@@QBE?AV? allocator@_W@2@@std@@QAE@H@Z char_traits@_W@std@@@std@@QAEAAV01@I@Z allocator@_W@2@@std@@QAEAAV01@PB_W@Z allocator@_W@2@@std@@QAEAAV01@ABV01@@Z allocator@_W@2@@std@@QAEXAAV12@@Z ?deallocate@? allocator@_W@std@@QAEXPA_WI@Z ?allocate@? allocator@_W@std@@QAEPA_WI@Z allocator@_W@2@@std@@2IB allocator@_W@2@@std@@IAEX_NI@Z allocator@_W@2@@std@@QAEAAV12@II@Z allocator@_W@2@@std@@QAEAAV01@_W@Z allocator@_W@2@@std@@QAEAAV12@I_W@Z allocator@_W@2@@std@@QAEXI@Z allocator@_W@2@@std@@QAEAAV12@V? _String_const_iterator@_WU? allocator@_W@2@@std@@QBE?AV12@II@Z allocator@_W@2@@std@@QBEI_WI@Z allocator@_W@2@@std@@QBEIPB_WI@Z allocator@_W@2@@std@@QBEIABV12@I@Z allocator@_W@2@@std@@QAE?AV? _String_iterator@_WU? allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z allocator@D@2@@std@@QAEAAV01@PBD@Z allocator@D@2@@std@@QAEAAV01@ABV01@@Z allocator@D@2@@std@@QAEXI@Z allocator@D@2@@std@@QAE?AV? _String_iterator@DU? allocator@_W@2@@std@@QAEAAV12@PB_W@Z allocator@_W@2@@std@@QAEAAV12@ABV12@@Z reverse_iterator@V? getline@_WU? basic_istream@_WU? allocator@_W@2@@std@@QAE@ABV? allocator@_W@2@@std@@QAEAA_WI@Z ?global@locale@std@@SA?AV12@ABV12@@Z ??0locale@std@@QAE@PBDH@Z ??1locale@std@@QAE@XZ basic_ostream@DU? basic_fstream@_WU? char_traits@_W@std@@@std@@QAEXPB_WHH@Z char_traits@_W@std@@@std@@QAE@XZ char_traits@_W@std@@@std@@QAE?AV? char_traits@_W@std@@@std@@QAEAAV12@JH@Z char_traits@D@std@@@std@@QAEAAV01@PBX@Z MSVCP90.dll ??0exception@std@@QAE@XZ ??1exception@std@@UAE@XZ ??0exception@std@@QAE@ABV01@@Z ?what@exception@std@@UBEPBDXZ ??0exception@std@@QAE@ABQBD@Z _invalid_parameter_noinfo _beginthread _beginthreadex _localtime64_s MSVCR90.dll __dllonexit _encode_pointer _decode_pointer _amsg_exit __wgetmainargs _configthreadlocale __setusermatherr _adjust_fdiv _crt_debugger_hook ?terminate@@YAXXZ ?_type_info_dtor_internal_method@type_info@@QAEXXZ _except_handler4_common _invoke_watson RaiseException InterlockedCompareExchange UnhandledExceptionFilter IsDebuggerPresent QueryPerformanceCounter GetSystemTimeAsFileTime _CxxThrowException _local_unwind4 .?AVtype_info@@ .?AVRealTimeService@@ .?AVServiceBase@@ .?AVexception@std@@ .?AVlogic_error@std@@ .?AVlength_error@std@@ Microsoft Corporation Roboscan Inc Adobe Systems, Inc. .?AVout_of_range@std@@ .?AVExceptionW@ayn@@ .?AVRealTimeCore@@ .?AUServiceFunction@@ .?AVWatcherConnector@@ .?AVModuleCommunicator@@ .?AVFileTool@SysCoreRegBackup@@ .?AVRegTool@SysCoreRegBackup@@ .?AVSysCoreRegBackup@@ .?AVUpdateChecker@@ .?AVWin32Exception@ayn@@ .?AVUserProtector@@ .?AVGlobalDataInitializer@@ .?AVFilePEParser@@ .?AVProcessPEParser@@ .?AVNtDllConnector@@ .?AVConfigConnector@@ .?AVConnModConnector@@ .?AVStringCryptToolW@ayn@@ .?AVFileObejct@CertificateToolEx@ayn@@ .?AVObejctInterface@CertificateToolEx@ayn@@ .?AVFileInformationExW@ayn@@ .?AVMemoryBufferExW@ayn@@ .?AVMemoryToolEx@ayn@@ .?AVPrivilegeToolExW@ayn@@ .?AVSessionToolEx@ayn@@ .?AVSyncObjectEx@ayn@@ I/@Lu+;E\|9D~9D}*8C})8C})8C})9D VS_VERSION_INFO StringFileInfo FileDescription RealTime Service LegalCopyright ProductVersion ProductName VarFileInfo Translation urn:schemas-microsoft-com:asm.v1 manifestVersion= <trustInfo xmlns= urn:schemas-microsoft-com:asm.v3 <security> uiAccess= ></requestedExecutionLevel> </security> </trustInfo> processorArchitecture= publicKeyToken= ></assemblyIdentity> 434E4O4b4i4 242A2M2U2]2i2 : :(:0:<:\:l:t:\|: VeriSign Time Stamping Services CA0 +VeriSign Time Stamping Services Signer - G20 Durbanville1 Thawte Certification1 Thawte Timestamping CA0 VeriSign Trust Network1;09 VeriSign Class 3 Code Signing 2010 CA0 Seocho-gu1 VeriSign Time Stamping Services CA

Technical information: