Virtumonde/Vundo infection and other trojans
Lambent
post Feb 20 2009, 11:10 PM
Post #1


Member
**
Posts: 12
OS: Windows XP Media Center



Hello, gentlemen. I have a few infections on my laptop and I'm going crazy trying to get rid of them.

The first showed up about 5 days ago. Symptoms were random Firefox browser pop-ups, and deactivation of my Windows Automatic Updates. I had been planning on reformatting anyway, so I went ahead and did that. I spent the next day re-installing all of my stuff. About eight hours later, it returned, same symptoms as before. Either one of the sites I visit daily is compromised and I became re-infected, or the reformat didn't erase the trojan. The latter seems likely since I didn't get a Windows install/restore disc with the computer. Instead, the restore software is stored on a partitioned section of the hard drive, and I'm assuming that these restore files were somehow infected.

I identified the problem as Virtumonde/Vundo, and ran several programs trying to get rid of it. Atribune's VundoFix found absolutely no sign of infection. Spybot and AdAware were somewhat effective but the symptoms would return whenever I rebooted the computer. Malwarebytes' Anti-Malware seemed to do the trick, however. I had to run it twice, but after the second run-through, it seemed fixed.

This time the peace lasted about two days.

The symptoms this time are different though, so I'm pretty sure it's not just Virtumonde. This time my internet access has been severely limited. Pages just aren't loading. And something is attempting to send random spam mail to random email addresses. I'm getting a ton of Symantec pop-ups saying, "scanning email..." and then "this email could not be sent".

So for the past two days I've been running repeated full system scans with Spybot, AdAware, and Malwarebytes, in normal mode and in safe mode. Safe mode scans seem to be working best, but every time I reboot back into normal mode, the trojans are respawning themselves. I've also run VundoFix again, as well as VirtumondeBeGone, but neither of those is detecting any problems.

Another symptom: this morning I got tired of scanning and attempted to reformat again. No such luck. Every time I try to start the process I get slapped with a blue screen fatal error "c00002la", some kind of problem with the Windows Logon Process.

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:15 PM, on 2/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1234722692\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{9A0B5~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{9A0B5~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup1] C:\PROGRA~1\INSTAL~1\{4E120~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{4E120~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup2] C:\PROGRA~1\INSTAL~1\{A9BB0~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{A9BB0~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup4] C:\PROGRA~1\INSTAL~1\{98181~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{98181~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup5] C:\PROGRA~1\INSTAL~1\{C029D~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{C029D~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup6] C:\PROGRA~1\INSTAL~1\{569C2~1\SETUP.EXE -rebootC:\PROGRA~1\INSTAL~1\{569C2~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup3] C:\PROGRA~1\INSTAL~1\{4E120~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{4E120~1\reboot.ini -l0x9
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: cjdsji.dll fsbocm.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11819 bytes

This post has been edited by Lambent: Feb 20 2009, 11:13 PM
kahdah
post Feb 21 2009, 06:40 AM
Post #2


GeekU Teacher
Posts: 13,397
From: Florida
OS: Windows xp,Vista business



Hello Lambent

Welcome to G2Go.
=====================
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.
Lambent
post Feb 21 2009, 04:37 PM
Post #3


Member
**
Posts: 12
OS: Windows XP Media Center



OTListIt logfile created on: 2/21/2009 5:14:47 PM - Run
OTListIt2 by OldTimer - Version 2.0.1.0 Folder = C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 375.50 Mb Available Physical Memory | 37.02% Memory free
2.38 Gb Paging File | 1.67 Gb Available in Paging File | 70.24% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.31 Gb Total Space | 47.55 Gb Free Space | 55.09% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 3.54 Gb Free Space | 51.82% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 111.94 Mb Total Space | 100.11 Mb Free Space | 89.43% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRAIGPARTAIN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - c:\Program Files\McAfee\McAfee AntiSpyware\msssrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
PRC - C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
PRC - C:\Program Files\Common Files\AOL\1234722692\EE\AOLHostManager.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\AOL\1234722692\EE\AOLServiceHost.exe (America Online, Inc.)
PRC - C:\Program Files\McAfee\McAfee AntiSpyware\msscli.exe (McAfee, Inc.)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
PRC - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\BigFix\BigFix.exe (BigFix Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)
SRV - (AOL TopSpeedMonitor [Auto | Stopped]) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (ccEvtMgr [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccProxy [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
SRV - (ccPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (ISSVC [On_Demand | Stopped]) -- C:\Program Files\Norton Internet Security\ISSVC.exe (Symantec Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (McAfeeAntiSpyware [Auto | Running]) -- c:\Program Files\McAfee\McAfee AntiSpyware\msssrv.exe (McAfee, Inc.)
SRV - (mcupdmgr.exe [On_Demand | Stopped]) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe (McAfee, Inc)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (navapsvc [Auto | Running]) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PrismXL [Auto | Running]) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
SRV - (SAVScan [On_Demand | Stopped]) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
SRV - (SBService [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe (Symantec Corporation)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SymWSC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aec [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\aec.sys ()
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (mxnic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mxnic.sys (Macronix International Co., Ltd. )
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040811.020\naveng.sys (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040811.020\navex15.sys (Symantec Corporation)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (SAVRT [On_Demand | Running]) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS (Symantec Corporation)
DRV - (SAVRTPEL [Auto | Running]) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Internet Security) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" ()
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1234722692\EE\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" (Intel® Corporation)
O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT" (Symantec Corporation)
O4 - HKLM..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe File not found
O4 - HKLM..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" ()
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{9A0B5~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{9A0B5~1\reboot.ini -l0x9 (InstallShield Software Corporation)
O4 - HKLM..\RunOnce: [InstallShieldSetup1] C:\PROGRA~1\INSTAL~1\{4E120~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{4E120~1\reboot.ini -l0x9 (InstallShield Software Corporation)
O4 - HKLM..\RunOnce: [InstallShieldSetup2] C:\PROGRA~1\INSTAL~1\{A9BB0~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{A9BB0~1\reboot.ini -l0x9 (InstallShield Software Corporation)
O4 - HKLM..\RunOnce: [InstallShieldSetup3] C:\PROGRA~1\INSTAL~1\{4E120~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{4E120~1\reboot.ini -l0x9 (InstallShield Software Corporation)
O4 - HKLM..\RunOnce: [InstallShieldSetup4] C:\PROGRA~1\INSTAL~1\{98181~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{98181~1\reboot.ini -l0x9 (InstallShield Software Corporation)
O4 - HKLM..\RunOnce: [InstallShieldSetup5] C:\PROGRA~1\INSTAL~1\{C029D~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{C029D~1\reboot.ini -l0x9 (InstallShield Software Corporation)
O4 - HKLM..\RunOnce: [InstallShieldSetup6] C:\PROGRA~1\INSTAL~1\{569C2~1\SETUP.EXE -rebootC:\PROGRA~1\INSTAL~1\{569C2~1\reboot.ini -l0x9 (InstallShield Software Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\BigFix.exe (BigFix Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE (New Boundary Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (cjdsji.dll) - File not found
O20 - AppInit_DLLs: (fsbocm.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {F2A0229A-C4CA-4789-B606-973D24DCDD1C} - c:\Program Files\McAfee\McAfee AntiSpyware\mssshell.dll (McAfee, Inc.)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\opnnLFxY) - File not found
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\Autorun.inf () - [ FAT32 ]
O33 - MountPoints2\{24f7cec1-fb92-11dd-9456-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{24f7cec1-fb92-11dd-9456-806d6172696f}\Shell\AutoRun - "" = Auto&Play

========== Files/Folders - Created Within 30 Days ==========

[16 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/02/21 17:12:02 | 00,831,488 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\gmer.exe
[2009/02/21 17:09:59 | 00,511,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\OTListIt2.exe
[2009/02/21 17:09:52 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\gmer.zip
[2009/02/20 23:42:04 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\HijackThis.lnk
[2009/02/20 23:42:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/20 23:38:42 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\HJTInstall.exe
[2009/02/20 23:38:42 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\VirtumundoBeGone.exe
[2009/02/20 23:26:19 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS
[2009/02/20 22:20:16 | 10,637,68064 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/20 14:49:47 | 00,001,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk
[2009/02/20 14:47:24 | 00,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZENcast Organizer.lnk
[2009/02/20 14:46:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative
[2009/02/20 14:46:01 | 00,000,124 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZEN Vision W Media Explorer.lnk
[2009/02/20 00:56:18 | 00,173,456 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\FixVundo.exe
[2009/02/19 23:48:40 | 22,058,104 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\antivir_workstation_winu_en_h.exe
[2009/02/19 12:45:11 | 00,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\aec.sys.bak
[2009/02/19 12:42:32 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/02/19 12:30:21 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/02/19 12:27:49 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2009/02/19 12:23:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\HP
[2009/02/19 12:13:01 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2009/02/19 06:40:15 | 00,001,215 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\regenesis.rtf
[2009/02/19 03:42:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\dvdcss
[2009/02/18 21:40:17 | 00,000,433 | ---- | C] () -- C:\WINDOWS\xccwinsys.ini
[2009/02/18 21:40:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inf
[2009/02/18 21:29:56 | 00,002,204 | ---- | C] () -- C:\WINDOWS\evgxjmlp
[2009/02/18 13:49:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\comix-4.0.2
[2009/02/18 07:25:18 | 00,103,803 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\arrested developement [isoHunt] download.torrent
[2009/02/17 08:52:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\gtk-2.0
[2009/02/17 08:46:37 | 00,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2009/02/17 08:45:52 | 00,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2009/02/17 04:52:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Macromedia
[2009/02/16 23:25:28 | 00,113,074 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\[isoHunt] XIII-The.Conspiracy[2008]DvDrip-aXXo.4660683.TPB.torrent
[2009/02/16 21:43:33 | 00,000,000 | ---D | C] -- C:\Program Files\24_Screensaver
[2009/02/16 20:40:26 | 00,566,784 | ---- | C] () -- C:\WINDOWS\TheMatrix.scr
[2009/02/16 20:40:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TheMatrix.ini
[2009/02/16 19:55:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/02/16 19:40:40 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2009/02/16 19:40:40 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/02/16 19:40:40 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2009/02/16 19:40:40 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/02/16 19:40:23 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2009/02/16 19:40:23 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009/02/16 19:40:22 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009/02/16 19:40:22 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/02/16 19:40:14 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/02/16 19:40:13 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/02/16 19:40:13 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/02/16 19:40:12 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/02/16 19:40:12 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/02/16 19:40:12 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/02/16 19:40:12 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/02/16 19:40:12 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/02/16 19:40:12 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/02/16 19:40:12 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/02/16 19:40:12 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/02/16 19:40:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/02/16 19:40:12 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/02/16 19:40:12 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/02/16 19:40:11 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/02/16 19:40:11 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/02/16 19:40:11 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/02/16 19:40:11 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/02/16 19:40:11 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/02/16 19:40:11 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/02/16 19:40:11 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/02/16 19:40:11 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/02/16 19:40:07 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/02/16 19:40:06 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/02/16 19:40:06 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/02/16 19:40:06 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/02/16 19:40:05 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/02/16 19:40:05 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/02/16 19:40:05 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/02/16 19:40:05 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/02/16 19:40:05 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/02/16 19:40:04 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/02/16 19:40:04 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/02/16 19:40:04 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/02/16 19:40:04 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/02/16 19:40:04 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/02/16 19:40:03 | 00,194,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/02/16 19:40:02 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/02/16 19:40:02 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/02/16 19:40:01 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/02/16 19:40:01 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/02/16 19:40:01 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/02/16 19:40:01 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/02/16 19:40:01 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/02/16 19:40:01 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/02/16 19:40:01 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/02/16 19:40:00 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/02/16 19:40:00 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/02/16 19:39:59 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/02/16 19:39:59 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/02/16 19:39:59 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/02/16 19:39:59 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2009/02/16 19:39:58 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/02/16 19:39:58 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/02/16 19:39:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/02/16 19:39:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/02/16 19:39:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/02/16 19:39:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/02/16 19:35:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/02/16 19:30:10 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/02/16 19:30:09 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2009/02/16 19:30:09 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009/02/16 19:30:09 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/02/16 19:30:09 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2009/02/16 19:30:08 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/02/16 19:30:08 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2009/02/16 19:30:08 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2009/02/16 19:30:08 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2009/02/16 19:30:07 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2009/02/16 19:30:04 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/02/16 19:30:04 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/02/16 19:30:03 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009/02/16 19:30:03 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/02/16 19:30:02 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/02/16 19:30:01 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/02/16 19:30:00 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/02/16 19:30:00 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2009/02/16 19:30:00 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2009/02/16 19:30:00 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/02/16 19:22:39 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/02/16 18:08:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/02/16 18:07:51 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/02/16 18:07:51 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/02/16 18:07:50 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/02/16 18:07:50 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009/02/16 18:07:49 | 06,066,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/02/16 18:07:49 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/02/16 18:07:49 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/02/16 18:07:48 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2009/02/16 18:07:48 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/02/16 18:07:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/02/16 18:06:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/02/16 18:04:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/02/16 18:03:38 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/02/16 18:03:23 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/02/16 18:02:32 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2009/02/16 18:00:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/02/16 18:00:15 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2009/02/16 17:26:30 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/02/16 17:25:09 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/02/16 17:22:28 | 00,093,609 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\[isoHunt] ReGenesis-Season1.torrent
[2009/02/16 10:33:56 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/02/16 10:33:56 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/02/16 10:33:56 | 00,191,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/02/16 10:33:56 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/02/16 10:33:55 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/02/16 10:33:55 | 00,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2009/02/16 10:33:55 | 00,477,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/02/16 10:33:55 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/02/16 10:33:55 | 00,133,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
Lambent
post Feb 21 2009, 04:39 PM
Post #4


Member
**
Posts: 12
OS: Windows XP Media Center



[2009/02/16 10:33:55 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2009/02/16 10:33:55 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2009/02/16 10:33:54 | 01,160,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/02/16 10:33:54 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/02/16 10:33:53 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/02/16 08:59:02 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/02/16 08:59:01 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys
[2009/02/16 08:22:10 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/02/16 08:22:08 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/02/16 08:22:07 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/02/16 08:22:06 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/02/16 05:18:56 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/02/16 05:18:48 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/02/16 05:18:43 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/02/16 05:18:35 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/02/16 05:16:04 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/02/16 05:15:02 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2009/02/16 05:14:52 | 03,594,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/02/16 05:12:24 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/02/16 05:11:25 | 00,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2009/02/16 05:11:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/02/16 05:11:13 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/02/16 05:11:11 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/02/16 04:38:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Malwarebytes
[2009/02/16 04:38:11 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/16 04:38:11 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/16 04:38:07 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/16 04:38:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/16 04:38:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/16 03:45:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/02/16 03:21:00 | 00,048,623 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\[isoHunt] Terminator - The Sarah Connor Chronicles season 2 [smaragdtorrent.to].torrent
[2009/02/16 03:20:16 | 00,157,256 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\[isoHunt] Supernatural Complete Season 2 (KSFX2000).torrent
[2009/02/16 03:19:13 | 21,244,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/16 02:41:04 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/02/16 02:23:40 | 00,033,904 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/02/16 02:17:51 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/02/16 00:01:49 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/02/16 00:01:44 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/02/15 23:58:54 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\Spybot - Search & Destroy.lnk
[2009/02/15 23:58:47 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/15 23:58:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/02/15 23:57:07 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/02/15 23:56:59 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/02/15 23:56:48 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/02/15 23:56:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/02/15 23:27:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/02/15 23:04:29 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/02/15 22:49:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Local Settings\Application Data\Microsoft Help
[2009/02/15 22:36:29 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio .NET 2003
[2009/02/15 22:36:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/02/15 22:09:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Local Settings\Application Data\ApplicationHistory
[2009/02/15 22:00:46 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\Windows Media Player.lnk
[2009/02/15 21:50:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2009/02/15 21:44:46 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/02/15 21:41:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/02/15 21:36:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Local Settings\Application Data\Adobe
[2009/02/15 21:36:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Adobe
[2009/02/15 21:34:07 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2009/02/15 21:34:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\BitTorrent
[2009/02/15 21:32:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Local Settings\Application Data\DNA
[2009/02/15 21:32:23 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2009/02/15 21:32:23 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009/02/15 21:32:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\DNA
[2009/02/15 21:26:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\vlc
[2009/02/15 21:23:39 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/02/15 21:18:53 | 00,000,478 | R--- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\My Videos.lnk
[2009/02/15 20:57:45 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\desktop.ini
[2009/02/15 20:57:44 | 03,214,584 | -H-- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Local Settings\Application Data\IconCache.db
[2009/02/15 20:57:44 | 00,000,076 | -HS- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\desktop.ini
[2009/02/15 20:57:43 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Start Menu\Programs\Startup\desktop.ini
[2009/02/15 20:57:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Identities
[2009/02/15 20:57:42 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Microsoft
[2009/02/15 20:57:42 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\My Pictures
[2009/02/15 20:57:42 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\My Music
[2009/02/15 20:57:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Local Settings\Application Data\Microsoft
[2009/02/15 20:57:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
[2009/02/15 20:57:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\You've Got Pictures Screensaver
[2009/02/15 20:57:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\SampleView
[2009/02/15 20:57:06 | 00,000,258 | ---- | C] () -- C:\WINDOWS\tasks\ISP signup reminder 3.job
[2009/02/15 20:57:06 | 00,000,258 | ---- | C] () -- C:\WINDOWS\tasks\ISP signup reminder 2.job
[2009/02/15 20:24:56 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/15 20:12:42 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/15 20:07:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Creative
[2009/02/15 20:04:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\downloads
[2009/02/15 20:03:58 | 00,016,139 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\cosunia.odt
[2009/02/15 20:02:42 | 00,011,657 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\booklog.rtf
[2009/02/15 20:02:37 | 00,069,632 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\dragonflies.doc
[2009/02/15 20:02:37 | 00,041,996 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\fedora creepypasta.rtf
[2009/02/15 20:02:37 | 00,001,394 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\fafsa pin.rtf
[2009/02/15 20:02:37 | 00,001,021 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\gary-oldman-airport-copypasta.rtf
[2009/02/15 20:02:37 | 00,000,380 | ---- | C] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\higherone.rtf
[2009/02/15 20:00:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/02/15 19:53:27 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2009/02/15 19:53:27 | 00,024,784 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2009/02/15 19:53:27 | 00,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2009/02/15 19:53:23 | 00,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2009/02/15 19:53:23 | 00,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNBR.bmp
[2009/02/15 19:53:23 | 00,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNB.bmp
[2009/02/15 19:53:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2009/02/15 19:49:27 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009/02/15 19:49:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\SystemRequirementsLab
[2009/02/15 19:49:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/02/15 19:49:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Sun
[2009/02/15 19:43:49 | 00,000,000 | ---D | C] -- C:\Intel
[2009/02/15 19:37:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Intel
[2009/02/15 19:36:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/02/15 19:35:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Local Settings\Application Data\Mozilla
[2009/02/15 19:35:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Mozilla
[2009/02/15 19:35:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2009/02/15 19:35:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/02/15 19:21:38 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/02/15 19:21:31 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/02/15 19:08:04 | 00,000,000 | ---D | C] -- C:\Program Files\Creative
[2009/02/15 19:00:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Local Settings\Application Data\Google
[2009/02/15 14:25:18 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/02/15 14:25:14 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/02/15 13:56:58 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/02/15 13:54:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\Gateway_MX6650_Rev.1_T385B71003202.MRK
[2009/02/15 13:53:56 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/02/15 13:53:47 | 00,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
[2009/02/15 13:43:38 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/02/15 13:42:05 | 00,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009/02/15 13:41:33 | 00,181,938 | ---- | C] () -- C:\WINDOWS\Gateway.bmp
[2009/02/15 13:41:24 | 00,000,492 | ---- | C] () -- C:\WINDOWS\tasks\McAfee.com Update Check (YOUR-D0500D4837-Administrator).job
[2009/02/15 13:41:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/02/15 13:41:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/02/15 13:41:02 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/02/15 13:41:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2009/02/15 13:40:44 | 00,341,568 | ---- | C] (McAfee, Inc) -- C:\WINDOWS\System32\mcinsctl.dll
[2009/02/15 13:40:44 | 00,277,616 | ---- | C] (McAfee, Inc) -- C:\WINDOWS\System32\mcgdmgr.dll
[2009/02/15 13:40:43 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/02/15 13:37:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2009/02/15 13:36:57 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\POWERCFG.EXE
[2009/02/15 13:36:53 | 00,025,214 | ---- | C] () -- C:\WINDOWS\gtwdocs.ico
[2009/02/15 13:36:23 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/02/15 13:36:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/02/15 13:36:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/02/15 13:36:03 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/02/15 13:34:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Money 2005
[2009/02/15 13:34:16 | 00,076,288 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PUBOLE32.DLL
[2009/02/15 13:34:15 | 00,487,424 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2009/02/15 13:34:15 | 00,344,064 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2009/02/15 13:34:15 | 00,133,904 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcans32.dll
[2009/02/15 13:34:15 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll
[2009/02/15 13:34:15 | 00,054,784 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvci70.dll
[2009/02/15 13:34:15 | 00,037,888 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ochlp30e.dll
[2009/02/15 13:34:15 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcuia32.dll
[2009/02/15 13:34:14 | 00,031,744 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hlp95en.dll
[2009/02/15 13:33:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/02/15 13:33:29 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Encarta Plus
[2009/02/15 13:33:14 | 00,173,184 | ---- | C] (America Online Inc) -- C:\WINDOWS\System32\ygpss.scr
[2009/02/15 13:33:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2009/02/15 13:32:56 | 00,106,496 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2009/02/15 13:32:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2009/02/15 13:32:49 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/02/15 13:32:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2009/02/15 13:32:43 | 00,000,000 | ---D | C] -- C:\My Music
[2009/02/15 13:32:40 | 00,157,696 | ---- | C] (RealNetworks) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/02/15 13:32:38 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/02/15 13:32:38 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/02/15 13:32:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009/02/15 13:32:25 | 00,647,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSComCt2.ocx
[2009/02/15 13:32:25 | 00,203,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RichTx32.ocx
[2009/02/15 13:32:25 | 00,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSInet.ocx
[2009/02/15 13:32:25 | 00,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\WINDOWS\System32\aamd532.dll
[2009/02/15 13:32:24 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2009/02/15 13:32:24 | 00,102,400 | ---- | C] (4Developers LLC) -- C:\WINDOWS\System32\SimpleRegistry.dll
[2009/02/15 13:32:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/02/15 13:32:19 | 00,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2009/02/15 13:32:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/02/15 13:32:15 | 00,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2009/02/15 13:32:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AolCoach
[2009/02/15 13:31:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AOL Downloads
[2009/02/15 13:31:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2009/02/15 13:31:29 | 00,000,000 | ---D | C] -- C:\Program Files\America Online 9.0
[2009/02/15 13:31:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/02/15 13:31:19 | 00,001,097 | -H-- | C] () -- C:\IPH.PH
[2009/02/15 13:31:18 | 00,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/15 13:31:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2009/02/15 13:31:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2009/02/15 13:30:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/02/15 13:30:44 | 00,000,000 | ---D | C] -- C:\Program Files\Napster
[2009/02/15 13:30:27 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009/02/15 13:30:14 | 00,000,000 | ---D | C] -- C:\ses2_client_bin_2_8_13g
[2009/02/15 13:29:59 | 00,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2009/02/15 13:29:21 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Digital Image 2006
[2009/02/15 13:29:14 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
[2009/02/15 13:29:14 | 00,000,000 | ---D | C] -- C:\Program Files\SIFXINST
[2009/02/15 13:29:10 | 00,000,000 | ---D | C] -- C:\Bundle
[2009/02/15 13:28:25 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/02/15 13:28:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2009/02/15 13:27:55 | 00,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2009/02/15 13:27:52 | 00,002,238 | ---- | C] () -- C:\WINDOWS\System32\32-aol.ico
[2009/02/15 13:27:52 | 00,001,406 | ---- | C] () -- C:\WINDOWS\System32\16-aol.ico
[2009/02/15 13:27:50 | 00,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
[2009/02/15 13:27:50 | 00,051,656 | ---- | C] () -- C:\WINDOWS\System32\OEMLOGO.bmp
[2009/02/15 13:27:21 | 00,069,722 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPFcs.dll
[2009/02/15 13:27:20 | 00,185,824 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\drivers\SynTP.sys
[2009/02/15 13:27:20 | 00,114,688 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCtrl.dll
[2009/02/15 13:27:20 | 00,090,202 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPAPI.dll
[2009/02/15 13:27:20 | 00,081,920 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo2.dll
[2009/02/15 13:27:19 | 00,077,917 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCOM.dll
[2009/02/15 13:27:19 | 00,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2009/02/15 13:24:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/02/15 13:24:46 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/15 13:24:39 | 00,024,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2009/02/15 13:24:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009/02/15 13:24:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/02/15 13:24:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2009/02/15 13:23:50 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/02/15 13:23:49 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/02/15 13:23:22 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/02/15 13:21:26 | 00,000,366 | ---- | C] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/02/15 13:20:43 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/02/15 13:19:32 | 00,104,144 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/02/15 13:19:32 | 00,083,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/02/15 13:19:30 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2009/02/15 13:19:30 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/02/15 13:19:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/02/15 13:19:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/02/15 13:19:21 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/02/15 13:19:06 | 00,017,956 | ---- | C] (BigFix, Inc.) -- C:\WINDOWS\BigFixClientOverride.dll
[2009/02/15 13:19:06 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
[2009/02/15 13:19:06 | 00,000,000 | ---D | C] -- C:\Program Files\BigFix
[2009/02/15 13:18:53 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/02/15 13:18:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\tiinst
[2009/02/15 13:18:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/02/15 13:18:33 | 00,024,001 | ---- | C] () -- C:\WINDOWS\UNNeroBurnRights.cfg
[2009/02/15 13:17:54 | 00,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2009/02/15 13:17:51 | 01,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2009/02/15 13:17:51 | 00,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2009/02/15 13:17:51 | 00,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2009/02/15 13:17:51 | 00,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2009/02/15 13:17:51 | 00,176,128 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2009/02/15 13:17:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2009/02/15 13:17:49 | 00,000,000 | ---D | C] -- C:\Program Files\Ahead
[2009/02/15 13:16:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2009/02/15 13:16:49 | 00,040,960 | ---- | C] (Gateway) -- C:\WINDOWS\System32\Marker32.exe
[2009/02/15 13:16:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Prism Deploy
[2009/02/15 13:16:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\New Boundary
[2009/02/15 13:16:46 | 00,000,002 | RHS- | C] () -- C:\USER
[2009/02/15 13:16:09 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2009/02/15 13:16:07 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2009/02/15 13:16:05 | 00,137,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\aec.sys
[2009/02/15 13:16:00 | 00,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2009/02/15 13:15:58 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dmusic.sys
[2009/02/15 13:15:56 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mskssrv.sys
[2009/02/15 13:15:54 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspclock.sys
[2009/02/15 13:15:52 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2009/02/15 13:15:50 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2009/02/15 13:15:48 | 00,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2009/02/15 13:15:45 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspqm.sys
[2009/02/15 13:15:05 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys
[2009/02/15 13:15:04 | 00,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ohci1394.sys
[2009/02/15 13:15:04 | 00,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\1394bus.sys
[2009/02/15 13:14:33 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys
[2009/02/15 13:14:33 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hccoin.dll
[2009/02/15 13:14:17 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2009/02/15 13:14:17 | 00,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2009/02/15 13:14:16 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2009/02/15 13:14:16 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2009/02/15 13:14:16 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2009/02/15 13:14:05 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\compbatt.sys
[2009/02/15 13:14:04 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2009/02/15 13:14:03 | 00,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cmbatt.sys
[2009/02/15 13:12:09 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/02/15 13:10:00 | 00,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2009/02/15 13:09:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\creator
[2009/02/15 13:08:29 | 00,233,216 | ---- | C] (Marvell) -- C:\WINDOWS\System32\drivers\yk51x86.sys
[2009/02/15 13:08:29 | 00,133,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2009/02/15 13:08:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\SMINST
[2009/02/15 13:08:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\I386
[2009/02/15 13:08:04 | 00,483,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wzcsvc.dll
[2009/02/15 13:08:04 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wzcsapi.dll
[2009/02/15 13:08:00 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wowfaxui.dll
[2009/02/15 13:07:57 | 00,003,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wowfax.dll
[2009/02/15 13:07:48 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdmaud.drv
[2009/02/15 13:07:41 | 00,049,211 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrvpa.dll
[2009/02/15 13:07:37 | 00,045,116 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrvoica.dll
[2009/02/15 13:07:34 | 00,049,209 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrv80a.dll
[2009/02/15 13:07:30 | 00,102,457 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrv42a.dll
[2009/02/15 13:07:27 | 00,041,019 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrsvpia.dll
[2009/02/15 13:07:23 | 00,090,180 | ---- | C] ( U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrshuta.exe
[2009/02/15 13:07:20 | 00,049,211 | ---- | C] ( U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrsdpia.dll
[2009/02/15 13:07:17 | 00,077,883 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrrtosa.dll
[2009/02/15 13:07:13 | 00,081,988 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrprbda.exe
[2009/02/15 13:07:10 | 00,098,371 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrmlnka.exe
[2009/02/15 13:07:06 | 00,053,305 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrlbva.dll
[2009/02/15 13:07:03 | 00,086,073 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrfaxa.dll
[2009/02/15 13:07:00 | 00,323,641 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrdtea.dll
[2009/02/15 13:06:56 | 00,077,890 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrdpa.dll
[2009/02/15 13:06:53 | 00,069,699 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrcoina.dll
[2009/02/15 13:06:49 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2009/02/15 13:06:49 | 00,061,500 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrcntra.dll
[2009/02/15 13:06:45 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsbyuv.dll
[2009/02/15 13:06:42 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\streamci.dll
[2009/02/15 13:06:41 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2009/02/15 13:06:38 | 00,072,192 | ---- | C] (S3/Diamond Multimedia) -- C:\WINDOWS\System32\sprio800.dll
[2009/02/15 13:06:35 | 00,070,656 | ---- | C] (S3/Diamond Multimedia) -- C:\WINDOWS\System32\sprio600.dll
[2009/02/15 13:06:30 | 00,069,632 | ---- | C] (S3/Diamond Multimedia) -- C:\WINDOWS\System32\spnike.dll
[2009/02/15 13:06:26 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pjlmon.dll
[2009/02/15 13:06:25 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pid.dll
[2009/02/15 13:06:22 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2009/02/15 13:06:15 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2009/02/15 13:06:08 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msyuv.dll
[2009/02/15 13:06:04 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh263.drv
[2009/02/15 13:05:59 | 00,147,968 | ---- | C] (RioPort) -- C:\WINDOWS\System32\mdwmdmsp.dll
[2009/02/15 13:05:55 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iyuv_32.dll
[2009/02/15 13:05:52 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hid.dll
[2009/02/15 13:05:50 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe
[2009/02/15 13:05:46 | 00,058,112 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys
[2009/02/15 13:05:46 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys
[2009/02/15 13:05:42 | 00,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys
[2009/02/15 13:05:39 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys
[2009/02/15 13:05:38 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tunmp.sys
[2009/02/15 13:05:31 | 00,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys
[2009/02/15 13:05:31 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2009/02/15 13:05:30 | 00,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swenum.sys
[2009/02/15 13:05:29 | 00,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2009/02/15 13:05:28 | 00,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys
[2009/02/15 13:05:25 | 00,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys
[2009/02/15 13:05:22 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2009/02/15 13:05:22 | 00,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys
[2009/02/15 13:05:21 | 00,196,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2009/02/15 13:05:20 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\processr.sys
[2009/02/15 13:05:19 | 00,080,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parport.sys
[2009/02/15 13:05:19 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\p3.sys
[2009/02/15 13:05:15 | 00,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys
[2009/02/15 13:05:14 | 00,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nic1394.sys
[2009/02/15 13:05:14 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisuio.sys
[2009/02/15 13:05:11 | 00,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\drivers\mxnic.sys
[2009/02/15 13:05:10 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mssmbios.sys
[2009/02/15 13:05:09 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys
[2009/02/15 13:05:09 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouclass.sys
[2009/02/15 13:05:08 | 00,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2009/02/15 13:05:08 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys
[2009/02/15 13:05:06 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys
[2009/02/15 13:05:05 | 00,036,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\crusoe.sys
[2009/02/15 13:05:04 | 00,262,528 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys
[2009/02/15 13:05:04 | 00,011,776 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys
[2009/02/15 13:05:03 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdaudio.sys
[2009/02/15 13:05:03 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\audstub.sys
[2009/02/15 13:05:02 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\arp1394.sys
[2009/02/15 13:05:02 | 00,037,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk7.sys
[2009/02/15 13:05:01 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2009/02/15 13:05:01 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys
[2009/02/15 13:04:59 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2009/02/15 13:04:58 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2009/02/15 13:04:58 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2009/02/15 13:04:56 | 00,052,224 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dmutil.dll
[2009/02/15 13:04:50 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cnbjmon.dll

========== Files - Modified Within 30 Days ==========

[16 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/02/21 17:13:00 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (YOUR-D0500D4837-Administrator).job
[2009/02/21 17:06:32 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\gmer.zip
[2009/02/21 17:06:18 | 00,511,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\OTListIt2.exe
[2009/02/21 06:35:54 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/21 06:34:51 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/20 23:42:04 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\HijackThis.lnk
[2009/02/20 23:36:52 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\VirtumundoBeGone.exe
[2009/02/20 23:30:42 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\HJTInstall.exe
[2009/02/20 22:24:06 | 00,000,795 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/20 22:21:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/20 22:20:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/20 22:20:16 | 10,637,68064 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/20 14:49:47 | 00,001,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk
[2009/02/20 14:47:24 | 00,001,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZENcast Organizer.lnk
[2009/02/20 00:56:19 | 00,173,456 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\FixVundo.exe
[2009/02/19 23:51:05 | 22,058,104 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\antivir_workstation_winu_en_h.exe
[2009/02/19 12:45:11 | 00,137,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\aec.sys
[2009/02/19 12:42:32 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/02/19 12:42:32 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/02/19 06:40:15 | 00,001,215 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\regenesis.rtf
[2009/02/18 22:29:18 | 00,033,904 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/02/18 21:55:33 | 00,002,204 | ---- | M] () -- C:\WINDOWS\evgxjmlp
[2009/02/18 21:40:48 | 00,000,433 | ---- | M] () -- C:\WINDOWS\xccwinsys.ini
[2009/02/18 07:25:19 | 00,103,803 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\arrested developement [isoHunt] download.torrent
[2009/02/18 03:10:28 | 00,156,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/18 03:03:33 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/17 08:46:37 | 00,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2009/02/16 23:25:31 | 00,113,074 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\[isoHunt] XIII-The.Conspiracy[2008]DvDrip-aXXo.4660683.TPB.torrent
[2009/02/16 20:00:05 | 00,439,376 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/02/16 20:00:05 | 00,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/16 20:00:05 | 00,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/16 19:55:09 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/16 19:29:20 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/02/16 18:15:42 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\desktop.ini
[2009/02/16 17:22:29 | 00,093,609 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\[isoHunt] ReGenesis-Season1.torrent
[2009/02/16 04:38:11 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/16 03:21:02 | 00,048,623 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\[isoHunt] Terminator - The Sarah Connor Chronicles season 2 [smaragdtorrent.to].torrent
[2009/02/16 03:20:16 | 00,157,256 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\[isoHunt] Supernatural Complete Season 2 (KSFX2000).torrent
[2009/02/16 00:01:49 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/02/16 00:01:34 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/02/16 00:01:16 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/02/15 23:58:54 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\Spybot - Search & Destroy.lnk
[2009/02/15 23:56:59 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/02/15 23:18:23 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\Windows Media Player.lnk
[2009/02/15 23:13:42 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/02/15 23:13:42 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/02/15 21:51:09 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/02/15 21:34:07 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2009/02/15 21:18:53 | 00,000,478 | R--- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\My Videos.lnk
[2009/02/15 20:57:17 | 00,000,038 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/02/15 20:57:06 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\ISP signup reminder 3.job
[2009/02/15 20:57:06 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\ISP signup reminder 2.job
[2009/02/15 20:03:58 | 00,016,139 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\cosunia.odt
[2009/02/15 20:02:42 | 00,011,657 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\booklog.rtf
[2009/02/15 20:02:37 | 00,069,632 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\dragonflies.doc
[2009/02/15 20:02:37 | 00,041,996 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\fedora creepypasta.rtf
[2009/02/15 20:02:37 | 00,001,394 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\fafsa pin.rtf
[2009/02/15 20:02:37 | 00,001,021 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\gary-oldman-airport-copypasta.rtf
[2009/02/15 20:02:37 | 00,000,380 | ---- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\My Documents\higherone.rtf
[2009/02/15 19:21:38 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/02/15 13:56:58 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/02/15 13:54:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\Gateway_MX6650_Rev.1_T385B71003202.MRK
[2009/02/15 13:53:47 | 00,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2009/02/15 13:50:37 | 00,000,495 | ---- | M] () -- C:\WINDOWS\System32\emver.ini
[2009/02/15 13:38:22 | 03,214,584 | -H-- | M] () -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Local Settings\Application Data\IconCache.db
[2009/02/15 13:36:23 | 00,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/02/15 13:33:27 | 00,001,097 | -H-- | M] () -- C:\IPH.PH
[2009/02/15 13:32:44 | 00,157,696 | ---- | M] (RealNetworks) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/02/15 13:32:38 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/02/15 13:31:18 | 00,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/02/15 13:29:59 | 00,000,004 | ---- | M] () -- C:\WINDOWS\Pix11.dat
[2009/02/15 13:29:14 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
[2009/02/15 13:24:46 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/02/15 13:22:47 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/02/15 13:17:45 | 00,000,867 | ---- | M] () -- C:\WINDOWS\System32\VGASwitcher.lnk
[2009/02/15 13:16:46 | 00,000,002 | RHS- | M] () -- C:\USER
[2009/02/15 13:12:48 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/15 13:10:00 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2009/02/11 20:56:18 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== LOP Check ==========

[2009/02/20 14:46:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/02/15 23:57:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/02/15 13:36:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/02/15 13:33:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/02/20 14:46:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Creative
[2009/02/15 19:35:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/02/15 23:56:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/02/16 04:38:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/15 13:41:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/02/15 13:41:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2009/02/20 00:58:57 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/02/15 22:51:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/02/15 13:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/02/15 13:16:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Deploy
[2009/02/15 13:32:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/02/15 13:32:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2009/02/16 03:52:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/02/15 20:59:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/02/15 13:32:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/02/15 21:41:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/02/19 12:23:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data
[2009/02/17 10:08:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Adobe
[2009/02/20 00:08:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\BitTorrent
[2009/02/15 20:07:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Creative
[2009/02/21 17:15:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\DNA
[2009/02/19 03:42:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\dvdcss
[2009/02/18 00:22:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\gtk-2.0
[2009/02/19 12:23:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\HP
[2009/02/15 13:03:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Identities
[2009/02/15 19:37:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Intel
[2009/02/17 04:52:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Macromedia
[2009/02/16 04:38:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Malwarebytes
[2009/02/15 13:30:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Microsoft
[2009/02/15 19:35:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Mozilla
[2009/02/15 13:37:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\SampleView
[2009/02/15 19:49:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\Sun
[2009/02/15 19:49:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\SystemRequirementsLab
[2009/02/15 21:26:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\vlc
[2009/02/15 13:33:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Application Data\You've Got Pictures Screensaver
[2009/02/16 00:01:49 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004/08/10 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/02/15 20:57:06 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
[2009/02/15 20:57:06 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job
[2009/02/21 17:13:00 | 00,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\McAfee.com Update Check (YOUR-D0500D4837-Administrator).job
[2009/02/20 22:21:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/02/15 13:22:47 | 00,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\Symantec NetDetect.job

========== Purity Check ==========

< End of report >
Lambent
post Feb 21 2009, 04:40 PM
Post #5


Member
**
Posts: 12
OS: Windows XP Media Center



OTListIt Extras logfile created on: 2/21/2009 5:14:47 PM - Run
OTListIt2 by OldTimer - Version 2.0.1.0 Folder = C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 375.50 Mb Available Physical Memory | 37.02% Memory free
2.38 Gb Paging File | 1.67 Gb Available in Paging File | 70.24% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.31 Gb Total Space | 47.55 Gb Free Space | 55.09% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 3.54 Gb Free Space | 51.82% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 111.94 Mb Total Space | 100.11 Mb Free Space | 89.43% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRAIGPARTAIN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online)
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (America Online)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon (America Online, Inc)
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed (America Online Inc)
C:\Program Files\Common Files\AOL\1234722692\EE\AOLServiceHost.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL (America Online Inc.)
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL ()
C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL (AOL Spyware Protection)
C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL (Gteko Ltd.)
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA (BitTorrent, Inc.)
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent (BitTorrent, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{3B29A786-5803-4e9e-9B58-3014A5B4E519}" = Norton AntiSpam
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security
"{5677563D-0CB1-485f-9E18-C5025306BB3F}" = Norton AntiSpam
"{569C24E9-1D28-4738-99EF-6BEC75DC5F6A}" = Creative ZEN Vision W
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = TIxx21
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}" = Norton Internet Security
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}" = CC_ccProxyExt
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}" = Microsoft .NET Framework SDK (English) 1.1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FC08587A-4F01-4188-819F-F55880022917}" = ccPxyCore
"{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security
"24 Screensaver v2.0 by erazboy" = 24 Screensaver v2.0 by erazboy
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"BigFix" = BigFix
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_0460107B" = Soft Data Fax Modem with SmartCP
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = Texas Instruments PCIxx21/x515 drivers.
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee AntiSpyware" = McAfee AntiSpyware
"Mcafee SecurityCenter" = McAfee SecurityCenter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Port Magic" = Pure Networks Port Magic
"ProInst" = Intel PROSet Wireless
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2005 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/16/2009 8:51:27 AM | Computer Name = CRAIGPARTAIN | Source = ESENT | ID = 485
Description = wuauclt (2000) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
failed with system error 5 (0x00000005): "Access is denied. ". The delete file
operation will fail with error -1032 (0xfffffbf8).

Error - 2/18/2009 10:40:47 PM | Computer Name = CRAIGPARTAIN | Source = Application Error | ID = 1000
Description = Faulting application winsinstall.exe, version 1.0.0.1, faulting module
winsinstall.exe, version 1.0.0.1, fault address 0x003d9260.

Error - 2/18/2009 10:41:44 PM | Computer Name = CRAIGPARTAIN | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3306, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 2/19/2009 9:31:58 AM | Computer Name = CRAIGPARTAIN | Source = Application Error | ID = 1000
Description = Faulting application VRT19.tmp, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x00000000.

Error - 2/19/2009 10:37:35 AM | Computer Name = CRAIGPARTAIN | Source = Application Error | ID = 1000
Description = Faulting application VRT1C.tmp, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x00000000.

Error - 2/19/2009 10:50:54 PM | Computer Name = CRAIGPARTAIN | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/19/2009 10:50:55 PM | Computer Name = CRAIGPARTAIN | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/19/2009 10:59:07 PM | Computer Name = CRAIGPARTAIN | Source = Application Error | ID = 1000
Description = Faulting application CcEvtSvc.exe, version 0.0.0.0, faulting module
CcEvtSvc.exe, version 0.0.0.0, fault address 0x00002df0.

Error - 2/19/2009 11:16:34 PM | Computer Name = CRAIGPARTAIN | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module svchost.exe, version 5.1.2600.5512, fault address 0x00002ad6.

Error - 2/20/2009 1:58:49 AM | Computer Name = CRAIGPARTAIN | Source = Application Error | ID = 1000
Description = Faulting application fixvundo.exe, version 1.5.1.0, faulting module
fixvundo.exe, version 1.5.1.0, fault address 0x00009113.

[ System Events ]
Error - 2/20/2009 3:37:44 PM | Computer Name = CRAIGPARTAIN | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 2/20/2009 3:39:08 PM | Computer Name = CRAIGPARTAIN | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 2/20/2009 3:39:09 PM | Computer Name = CRAIGPARTAIN | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 2/20/2009 3:39:09 PM | Computer Name = CRAIGPARTAIN | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 2/20/2009 3:55:07 PM | Computer Name = CRAIGPARTAIN | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 2/20/2009 3:56:57 PM | Computer Name = CRAIGPARTAIN | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 2/20/2009 3:56:59 PM | Computer Name = CRAIGPARTAIN | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 2/20/2009 3:56:59 PM | Computer Name = CRAIGPARTAIN | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 2/20/2009 3:59:45 PM | Computer Name = CRAIGPARTAIN | Source = WPDClassInstaller | ID = 90624
Description = It was not possible to install drivers for the device USB\Vid_041e&Pid_4153&Rev_0100.
Error code 0xe0000217.

Error - 2/20/2009 4:46:07 PM | Computer Name = CRAIGPARTAIN | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058


< End of report >
 
Lambent
post Feb 21 2009, 04:42 PM
Post #6


Member
**
Posts: 12
OS: Windows XP Media Center



GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-21 17:32:17
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

Code 86D64480 pIofCallDriver

---- Kernel code sections - GMER 1.0.14 ----

.reloc C:\WINDOWS\system32\drivers\NDIS.sys section is executable [0x86CE2200, 0x32E2A, 0xE0000060]

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\hkcmd.exe[180] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\hkcmd.exe[180] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\hkcmd.exe[180] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\hkcmd.exe[180] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\hkcmd.exe[180] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[272] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[272] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[272] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[272] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[272] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\DNA\btdna.exe[524] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\DNA\btdna.exe[524] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\DNA\btdna.exe[524] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\DNA\btdna.exe[524] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\DNA\btdna.exe[524] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\spoolsv.exe[568] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\spoolsv.exe[568] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\spoolsv.exe[568] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\spoolsv.exe[568] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\spoolsv.exe[568] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\winlogon.exe[760] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\winlogon.exe[760] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\winlogon.exe[760] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\winlogon.exe[760] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\winlogon.exe[760] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\services.exe[804] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\services.exe[804] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\services.exe[804] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\services.exe[804] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\services.exe[804] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FF93E1B
.text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FF93EAA
.text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FF93EB7
.text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FF93EA0
.text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FF93EF8
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[928] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[928] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[928] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[928] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[928] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\eHome\ehRecvr.exe[940] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\eHome\ehRecvr.exe[940] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\eHome\ehRecvr.exe[940] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\eHome\ehRecvr.exe[940] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\eHome\ehRecvr.exe[940] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
? C:\WINDOWS\System32\svchost.exe[992] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[992] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\System32\svchost.exe[992] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\System32\svchost.exe[992] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\System32\svchost.exe[992] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\System32\svchost.exe[992] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1020] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1020] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1020] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1020] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1020] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\System32\svchost.exe[1076] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\System32\svchost.exe[1076] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\System32\svchost.exe[1076] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\System32\svchost.exe[1076] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\System32\svchost.exe[1076] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\eHome\ehSched.exe[1104] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\eHome\ehSched.exe[1104] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\eHome\ehSched.exe[1104] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\eHome\ehSched.exe[1104] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\eHome\ehSched.exe[1104] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1120] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1120] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1120] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1120] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1120] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1184] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1184] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1184] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1184] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1184] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Java\jre6\bin\jusched.exe[1284] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Java\jre6\bin\jusched.exe[1284] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Java\jre6\bin\jusched.exe[1284] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Java\jre6\bin\jusched.exe[1284] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Java\jre6\bin\jusched.exe[1284] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\igfxtray.exe[1368] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\igfxtray.exe[1368] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\igfxtray.exe[1368] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\igfxtray.exe[1368] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\igfxtray.exe[1368] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\gmer.exe[1376] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Documents and Settings\Owner.CRAIGPARTAIN.000\Desktop\gmer.exe[1376] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1388] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1388] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1388] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1388] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1388] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1452] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Java\jre6\bin\jqs.exe[1452] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Java\jre6\bin\jqs.exe[1452] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Java\jre6\bin\jqs.exe[1452] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1452] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.reloc C:\WINDOWS\Explorer.EXE[1500] C:\WINDOWS\Explorer.EXE section is executable [0x010FB000, 0x8800, 0xE2000060]
.reloc C:\WINDOWS\Explorer.EXE[1500] C:\WINDOWS\Explorer.EXE entry point in ".reloc" section [0x01102728]
.text C:\WINDOWS\Explorer.EXE[1500] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\Explorer.EXE[1500] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\Explorer.EXE[1500] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\Explorer.EXE[1500] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\Explorer.EXE[1500] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\igfxpers.exe[1520] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\igfxpers.exe[1520] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\igfxpers.exe[1520] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\igfxpers.exe[1520] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\igfxpers.exe[1520] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe[1528] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe[1528] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe[1528] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe[1528] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe[1528] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe[1624] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe[1624] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe[1624] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe[1624] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe[1624] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1656] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1656] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1656] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1656] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1656] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1668] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1668] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1668] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1668] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1668] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1684] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1684] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1684] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1684] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1684] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Messenger\msmsgs.exe[1808] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Messenger\msmsgs.exe[1808] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Messenger\msmsgs.exe[1808] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Messenger\msmsgs.exe[1808] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Messenger\msmsgs.exe[1808] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1832] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1832] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1832] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1832] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1832] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[1992] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[1992] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[1992] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[1992] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[1992] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\ctfmon.exe[2196] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2248] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2248] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2248] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2248] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2248] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2272] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2272] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2272] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2272] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2272] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2584] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2584] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2584] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2584] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2584] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2708] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2708] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2708] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2708] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2708] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2712] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2712] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2712] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2712] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2712] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2748] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2748] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2748] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2748] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2748] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
? C:\WINDOWS\System32\svchost.exe[2816] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2888] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2888] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2888] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2888] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2888] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2888] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2888] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2888] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2888] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2888] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2888] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A17C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2888] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A18BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2888] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\BigFix\BigFix.exe[3000] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\BigFix\BigFix.exe[3000] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\BigFix\BigFix.exe[3000] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\BigFix\BigFix.exe[3000] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\BigFix\BigFix.exe[3000] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
? C:\WINDOWS\System32\svchost.exe[3104] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[3104] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\System32\svchost.exe[3104] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\System32\svchost.exe[3104] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\System32\svchost.exe[3104] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\System32\svchost.exe[3104] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\dllhost.exe[3220] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\dllhost.exe[3220] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\dllhost.exe[3220] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\dllhost.exe[3220] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\dllhost.exe[3220] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\ehome\ehtray.exe[3232] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\ehome\ehtray.exe[3232] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\ehome\ehtray.exe[3232] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\ehome\ehtray.exe[3232] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\ehome\ehtray.exe[3232] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
? C:\WINDOWS\System32\svchost.exe[3348] image checksum mismatch; time/date stamp mismatch; unknown module: urlmon.dllunknown module: OLEAUT32.dll
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\System32\svchost.exe[3348] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\eHome\ehmsas.exe[3408] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\eHome\ehmsas.exe[3408] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\eHome\ehmsas.exe[3408] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\eHome\ehmsas.exe[3408] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\eHome\ehmsas.exe[3408] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3468] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3468] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3468] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3468] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3468] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3540] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3540] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3540] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3540] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3540] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3548] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3548] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3548] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3548] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3548] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3556] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3556] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3556] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3556] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3556] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
? C:\WINDOWS\System32\svchost.exe[3596] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
.text C:\WINDOWS\System32\svchost.exe[3596] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\System32\svchost.exe[3596] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\System32\svchost.exe[3596] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\System32\svchost.exe[3596] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\System32\svchost.exe[3596] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3616] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3616] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3E
Lambent
post Feb 21 2009, 04:47 PM
Post #7


Member
**
Posts: 12
OS: Windows XP Media Center



.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3616] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3616] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3616] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
? C:\WINDOWS\System32\svchost.exe[3792] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
.text C:\WINDOWS\System32\svchost.exe[3792] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\System32\svchost.exe[3792] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\System32\svchost.exe[3792] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\System32\svchost.exe[3792] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\System32\svchost.exe[3792] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\PROGRA~1\mcafee.com\agent\mcagent.exe[3872] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\PROGRA~1\mcafee.com\agent\mcagent.exe[3872] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes C[...]3EF8
.text C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\progra~1\mcafee\MCAFEE~1\MssCli.exe[3968] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\progra~1\mcafee\MCAFEE~1\MssCli.exe[3968] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\progra~1\mcafee\MCAFEE~1\MssCli.exe[3968] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\progra~1\mcafee\MCAFEE~1\MssCli.exe[3968] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\progra~1\mcafee\MCAFEE~1\MssCli.exe[3968] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3992] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3992] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3992] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3992] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3992] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4084] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4084] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4084] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4084] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4084] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[708] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 028001C7
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 9FE90043
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 5600017E
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [00430280] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 017E91E8
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 7EC3E856
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [5D10C483] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 018569E8
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 01B7E3E8
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 60E8F075
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 8300017D
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 8C06C70C
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E8004302
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001DD8
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 95E8C68B
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C20001B8
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 028C06C7
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] EEE80043
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000022
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] F3E95ECE
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 8300017D
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 72102479
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 10418B04
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 10418DC3
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] F18B56C3
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] FFFFCDE8
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 07740108
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 7E0FE856
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 9801C700
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] E9004302
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFFFAE
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] C7F18B56
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 43029806
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] FFA0E800
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 44F6FFFF
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 74010824
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] E2E85607
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 5900017D
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] C25EC68B
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 046A0004
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 42DBD9B8
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] B73AE800
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] F18B0001
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8BF07589
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 00017D2A
IAT C:\WINDOWS\System32\svchost.exe[992] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00FC6583
Lambent
post Feb 21 2009, 05:27 PM
Post #8


Member
**
Posts: 12
OS: Windows XP Media Center



IAT C:\WINDOWS\System32\svchost.exe[2816] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C68B0000
IAT C:\WINDOWS\System32\svchost.exe[2816] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 01B7E7E8
IAT C:\WINDOWS\System32\svchost.exe[2816] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0004C200
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 028001C7
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 9FE90043
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 5600017E
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [00430280] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 017E91E8
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 7EC3E856
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [5D10C483] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 018569E8
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 01B7E3E8
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 60E8F075
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 8300017D
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 8C06C70C
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E8004302
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001DD8
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 95E8C68B
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C20001B8
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 028C06C7
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] EEE80043
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000022
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] F3E95ECE
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 8300017D
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 72102479
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 10418B04
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 10418DC3
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] F18B56C3
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] FFFFCDE8
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 07740108
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 7E0FE856
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 9801C700
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] E9004302
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFFFAE
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] C7F18B56
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 43029806
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] FFA0E800
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 44F6FFFF
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 74010824
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] E2E85607
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 5900017D
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] C25EC68B
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 046A0004
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 42DBD9B8
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] B73AE800
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] F18B0001
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8BF07589
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 00017D2A
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 570CC783
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] C70C4E8D
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 43028C06
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 1D2AE800
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C68B0000
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 01B7E7E8
IAT C:\WINDOWS\System32\svchost.exe[3104] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0004C200
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD6C17] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD7842] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DDEAD7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [7C80E9CF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [7C90FF0D] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [7C919B80] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [7C80EAAB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [7C80C0E8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [7C80980A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [7C80A164] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [7C809A99] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [7C809C88] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C8106C7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80BE46] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C830D64] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C809BD7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C801812] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C810C1E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C801A28] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C90FE01] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C831EC5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C861807] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C835DE2] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C802446] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C801E1A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C802530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C8309D1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C80932E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C80BE91] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C9010E0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C901000] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C809F81] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C8097B8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C80997B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C81CB23] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C91135A] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C801629] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C834D59] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C80AC51] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C809E91] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C809F09] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C9100A4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C8097F6] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [771248F0] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7712514A] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7712511B] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [771251E9] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [77124950] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [77124B39] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7712C6B5] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [77F74EE6] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [77F8C4CE] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [77F6827C] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7E430D96] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7E430277] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7E42AAFD] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7E429E3D] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7E418A80] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7E42A5AE] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7E427D2C] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7E42851A] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7E455E37] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7E42812F] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7E429313] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3348] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7E42C7F9] C:\WINDOWS\system32\USER32.dll (Wind
Lambent
post Feb 21 2009, 10:26 PM
Post #9


Member
**
Posts: 12
OS: Windows XP Media Center



IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C809BD7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C80EAAB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C9010E0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C901000] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C809F81] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C80A0A7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C80981E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C834D59] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C830D64] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C80932E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C80BB31] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C809832] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C814B82] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C83290F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C863AA9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C802213] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C809B02] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C8021D0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C839725] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C80236B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C8024B7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C90FE01] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C810E17] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C8107F0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C810FC2] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C80A164] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C809A99] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C809C88] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C812A99] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C80AA5C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C80AA26] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C80BAF4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C812C46] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3596] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C9100A4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DDE9E4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD6A9F] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DD6FEF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DDD757] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DE5196] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DE4312] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DD7AAB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77DDEAD7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77DE4280] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77DD6C17] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77DD7842] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [7C80D2F2] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C809AE1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C812F06] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C813123] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C80DE85] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C801E1A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C80B55F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C8449FD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C863E6A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C80B731] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C80BA61] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C92ABA5] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C838E00] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C80CD38] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C838A24] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C80A520] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C81CAFA] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C80BE91] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C8101A1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C812FAD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C81126A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C802530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C8106C7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C80A0CB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C83089D] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C80E9CF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C802446] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C809BD7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C80EAAB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C9010E0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C901000] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C809F81] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C80BE46] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C80981E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C80932E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C834D59] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C830D64] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C80A864] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C80BB31] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C809832] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C814B82] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C83290F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C802213] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C809B02] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C8021D0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C839725] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C80236B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C8024B7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C90FE01] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C810E17] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C80A164] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C809A99] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C809C88] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C80AA5C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C80AA26] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C80BAF4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C812C46] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C9100A4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C919B80] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C809E91] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C90FF0D] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3792] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C8097B8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLHOS~1.EXE[3932] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\123472~1\EE\AOLServiceHost.exe[3960] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \Driver\NDIS \Device\Ndis [86CE9984] NDIS.sys[.reloc]

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Files - GMER 1.0.14 ----

File C:\WINDOWS\system32\drivers\symndis.sys (size mismatch) 46208/0 bytes executable
File C:\WINDOWS\$NtServicePackUninstall$\ndis.sys (size mismatch) 182912/0 bytes executable

---- EOF - GMER 1.0.14 ----
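One way to triage the GMER log posted above, as an added example that is not part of the thread and not GMER's own code: it parses the Devices and Files sections and lists the entries worth reading first. The three finding kinds are a reading heuristic assumed for this example, and the sample holds only a few lines copied from the post.

```python
import re

# Constructed sample: a few lines copied from the GMER 1.0.14 log posted above.
SAMPLE_LOG = r"""
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
Device \Driver\NDIS \Device\Ndis [86CE9984] NDIS.sys[.reloc]
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
---- Files - GMER 1.0.14 ----
File C:\WINDOWS\system32\drivers\symndis.sys (size mismatch) 46208/0 bytes executable
File C:\WINDOWS\$NtServicePackUninstall$\ndis.sys (size mismatch) 182912/0 bytes executable
---- EOF - GMER 1.0.14 ----
"""

SECTION = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
ATTACHED = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\((.+)\))?$")
DEVICE = re.compile(r"^Device\s+(\S+)\s+(\S+)\s+\[([0-9A-Fa-f]+)\]\s+(\S+)$")
MISMATCH = re.compile(r"^File\s+(.+?)\s+\(size mismatch\)\s+(\d+)/(\d+) bytes")


def triage(log_text):
    """Return (section, kind, detail) tuples for lines to review first.

    The kinds are a heuristic assumed for this example, not GMER verdicts.
    """
    findings, section = [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := ATTACHED.match(line):
            # In the posted log every AttachedDevice line ends with
            # "(description/vendor)"; flag any line that lacks it.
            if not m.group(4):
                findings.append((section, "unattributed-attached-device",
                                 f"{m.group(2)} {m.group(3)}"))
        elif m := DEVICE.match(line):
            # A Device line carrying an address and a module section name.
            findings.append((section, "device-entry",
                             f"{m.group(1)} [{m.group(3)}] {m.group(4)}"))
        elif m := MISMATCH.match(line):
            # GMER prints two sizes for the file; report both unchanged.
            findings.append((section, "size-mismatch",
                             f"{m.group(1)} {m.group(2)}/{m.group(3)}"))
    return findings


if __name__ == "__main__":
    for section, kind, detail in triage(SAMPLE_LOG):
        print(f"[{section}] {kind}: {detail}")
```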
kahdah
post Feb 22 2009, 07:32 AM
Post #10


GeekU Teacher
Posts: 13,397
From: Florida
OS: Windows xp,Vista business



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Lambent
post Feb 23 2009, 12:36 AM
Post #11


Member
**
Posts: 12
OS: Windows XP Media Center



Malwarebytes' Anti-Malware 1.34
Database version: 1765
Windows 5.1.2600 Service Pack 3

2/23/2009 1:33:16 AM
mbam-log-2009-02-23 (01-33-16).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 143923
Time elapsed: 53 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\BN41.tmp (Trojan.Agent) -> Quarantined and deleted successfully.




Malwarebytes only found that one trojan, but like I said, I've run that program as well as Spybot and AdAware, several times over the last few days. They seem to work for a while, but the infection keeps returning.
kahdah
post Feb 23 2009, 07:26 AM
Post #12


GeekU Teacher
Posts: 13,397
From: Florida
OS: Windows xp,Vista business



That is OK. I think something bigger is at play here:

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Lambent
post Feb 23 2009, 04:57 PM
Post #13


Member
**
Posts: 12
OS: Windows XP Media Center



I've had the laptop disconnected from the internet for a few days, since the worst of the problems seem to arise when I'm connected. So I downloaded ATF Cleaner from my sister's computer and copied it over to my laptop via a flash drive.

But when I reconnected my laptop back to the internet to try the Kaspersky scan, there's a problem. There's either a problem with the connection (unlikely) or something is blocking my access to it. Websites aren't loading at all.
kahdah
post Feb 23 2009, 05:22 PM
Post #14


GeekU Teacher
Posts: 13,397
From: Florida
OS: Windows xp,Vista business



OK, try this please:
Copy it to the computer via flash drive:

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again, and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects foun