Bloodhound.sonar can not run spybot or combofix

#1 dink81 (New Member, 9 posts)

Hey, I hope someone can help me with this. I got Bloodhound.Sonar on my computer and deleted it with Norton, but of course it's still there. It will not let me run Spybot or ComboFix, and I had to go into Safe Mode 3 times before I could run a HJT log. Here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:39 PM, on 5/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\jlopfmwe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\lsass.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)
O4 - HKLM\..\Run: [16852] C:\jlopfmwe.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\1302655068.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155987812171
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/d...lugin_0.5.1.cab
O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} (PWLNINST Control) - http://www.platoweb0...ab/pwlninst.cab
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - http://pbells.broadj...aller_4-2-0.cab
O20 - AppInit_DLLs: ewtfhjpk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: __c0069684 - C:\WINDOWS\system32\__c0069684.dat
O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9129 bytes
Any help will be appreciated. I've been through this before, but if I can't get the removal programs to run, that's kind of where my expertise ends. Thanks!

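As an added example (not code from the original post, the forum's helpers, or HijackThis itself), here is a small Python triage script that applies the first checks a helper makes when reading a HijackThis log like the one above: it parses the Running processes block and the O-numbered entries and flags the patterns visible in this log (an executable in the drive root, a system process name outside System32, an LSP module in a temp folder, a populated AppInit_DLLs value, a Winlogon Notify handler that is not a DLL, and a policy that blocks regedit). The sample lines are constructed from the log above; the rules and the assumed default SystemRoot of C:\WINDOWS are heuristics for prioritising what to look at, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis format, mirroring the kinds of lines in the
# log above (a handful of lines, not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\jlopfmwe.exe
c:\lsass.exe

O4 - HKLM\..\Run: [16852] C:\jlopfmwe.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O20 - AppInit_DLLs: ewtfhjpk.dll
O20 - Winlogon Notify: __c0069684 - C:\WINDOWS\system32\__c0069684.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# "O4 - ...", "R1 - ..." etc.: HijackThis section tag followed by the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# A Windows path ending in a binary-ish extension. Paths may contain spaces, so
# anchor on the drive letter and stop at the first extension that ends a word.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll|dat|sys|cpl|scr)(?=\s|$)", re.IGNORECASE)
# Core Windows processes whose names malware commonly borrows; they belong in System32.
SYSTEM_PROCESS_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
# Assumption: the default SystemRoot. Adjust if the log header shows a different one.
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Finding:
    line: str
    reasons: list


def path_findings(path):
    """Heuristics that apply to any file path, wherever in the log it appears."""
    p = path.strip().lower()
    name = p.rsplit("\\", 1)[-1]
    reasons = []
    if re.fullmatch(r"[a-z]:\\[^\\]+", p):
        reasons.append("executable sits directly in the drive root")
    if "\\temp\\" in p or "\\tmp\\" in p:
        reasons.append("loaded from a temporary directory")
    if name in SYSTEM_PROCESS_NAMES and not p.startswith(SYSTEM32):
        reasons.append(f"system process name {name} running outside System32")
    return reasons


def entry_findings(kind, body):
    """Rules keyed on the HijackThis section, then the generic path rules."""
    reasons = []
    lowered = body.lower()
    if kind == "O7" and "disableregedit=1" in lowered:
        reasons.append("policy blocks the Registry Editor")
    if kind == "O10":
        reasons.append("unknown module in the Winsock LSP chain")
    if kind == "O20" and lowered.startswith("appinit_dlls:") and body.split(":", 1)[1].strip():
        reasons.append("AppInit_DLLs loads a DLL into every process that links user32")
    paths = PATH_RE.findall(body)
    if kind == "O20" and lowered.startswith("winlogon notify:") and paths and not paths[-1].lower().endswith(".dll"):
        reasons.append("Winlogon Notify handler is not a .dll")
    if paths:
        reasons.extend(path_findings(paths[-1]))
    return reasons


def triage(log_text):
    """Walk the log; return only the lines that tripped at least one rule."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the Running processes block
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            reasons = entry_findings(m.group(1), m.group(2))
        elif in_processes:
            reasons = path_findings(line)
        else:
            continue
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Running it against the sample flags seven lines; the legitimate entries (the real lsass.exe in System32, the HP startup item, the SUPERAntiSpyware Winlogon handler, the Lexmark service) pass clean.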

#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)

Hello dink81

Welcome to G2Go. :)
=====================
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
=========
Download this file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


#3 dink81 (Topic Starter, New Member, 9 posts)

OTLISTIT

OTListIt logfile created on: 5/17/2009 4:19:18 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\HP_Administrator\Desktop\Stuff
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.28% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.72% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.07 Gb Total Space | 38.04 Gb Free Space | 16.98% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 0.44 Gb Free Space | 4.99% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CROSEBERRY
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\LxrSII1s.exe ()
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation)
PRC - C:\jlopfmwe.exe ()
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\HP_Administrator\Desktop\Stuff\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ARSVC [Auto | Running]) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (InCDsrv [Disabled | Stopped]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG)
SRV - (InCDsrvR [Disabled | Stopped]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG)
SRV - (ISPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Norton AntiVirus\isPwdSvc.exe (Symantec Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (LxrSII1s [Auto | Running]) -- C:\WINDOWS\System32\LxrSII1s.exe ()
SRV - (McciCMService [Auto | Running]) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (NVSvc [Auto | Stopped]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RMSvc [Auto | Running]) -- C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation)
SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (SymAppCore [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (Viewpoint Manager Service [Auto | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend [Disabled | Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (CA561 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SPCA561.SYS (SP)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (HdAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\AtiHdAud.sys (ATI Research Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSXHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSX_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Ahead Software AG)
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Ahead Software AG)
DRV - (incdrm [System | Stopped]) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Ahead Software AG)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (LxrSII1d [Auto | Running]) -- C:\WINDOWS\system32\Drivers\LxrSII1d.sys ()
DRV - (MASPINT [Auto | Running]) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MREMP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMPR5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MRESP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071015.009\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071015.009\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (Pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys (VSO Software)
DRV - (Point32 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RT25USBAP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\rt25usbap.sys (Ralink Technology Inc.)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (s616bus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s616bus.sys (MCCI Corporation)
DRV - (s616mdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s616mdfl.sys (MCCI Corporation)
DRV - (s616mdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s616mdm.sys (MCCI Corporation)
DRV - (s616mgmt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s616mgmt.sys (MCCI Corporation)
DRV - (s616obex [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s616obex.sys (MCCI Corporation)
DRV - (samhid [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\samhid.sys ()
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SRTSP [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (st3bus28 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\st3bus28.sys (Generic)
DRV - (st3mp28 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\st3mp28.sys (Generic)
DRV - (StillCam [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20071011.001\SymIDSCo.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (USB200M [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\USB200M2.sys (Linksys)
DRV - (vmm [System | Running]) -- C:\WINDOWS\system32\Drivers\vmm.sys (Microsoft Corporation)
DRV - (VPCNetS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\VMNetSrv.sys (Microsoft Corporation)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsx [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.1.20080801
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/04 15:36:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2008/06/30 02:38:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/02/22 00:39:55 | 00,000,000 | ---D | M]

[2009/02/22 00:41:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions
[2008/06/30 02:38:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/22 00:41:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\[email protected]
[2009/05/09 12:57:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\p8e0l6qy.default\extensions
[2008/09/27 18:27:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\p8e0l6qy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/12 14:23:54 | 00,002,158 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\p8e0l6qy.default\searchplugins\MySpace.xml
[2009/05/09 12:57:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/06/30 02:38:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/04 15:36:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2008/05/29 16:09:12 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2008/05/29 16:09:13 | 00,134,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/05/29 10:24:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/05/29 10:24:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/05/29 10:24:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/05/29 10:24:14 | 00,002,642 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/05/29 10:24:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/05/29 10:24:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/05/29 10:24:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (311525 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10750 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [18271] C:\jlopfmwe.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\TEMP\ntdll64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\TEMP\ntdll64.dll ()
O15 - HKLM\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1155987812171 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/d...lugin_0.5.1.cab (Imikimi_activex_plugin Control)
O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} http://www.platoweb0...ab/pwlninst.cab (PWLNINST Control)
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} http://pbells.broadj...aller_4-2-0.cab (Reg Error: Value error.)
O18 - Protocol\Filter: - application/octet-stream - File not found
O18 - Protocol\Filter: - application/x-complus - File not found
O18 - Protocol\Filter: - application/x-msdownload - File not found
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\__c0069684: DllName - C:\WINDOWS\system32\__c0069684.dat - C:\WINDOWS\system32\__c0069684.dat ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {C2BA40A1-74F3-42BD-F434-12345A2C8953} - sdfsefsfdvdubgiungfuyd - Reg Error: Key error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/25 17:58:43 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/16 15:14:20 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/05/16 15:14:20 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2009/05/16 15:11:08 | 21,459,64032 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/16 15:07:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/16 14:25:21 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/05/16 12:35:33 | 00,000,445 | ---- | C] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/05/16 11:09:38 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscsvc32.exe
[2009/05/16 11:09:38 | 00,082,432 | ---- | C] () -- C:\WINDOWS\System32\resdll.dll
[2009/05/16 10:59:56 | 00,000,219 | ---- | C] () -- C:\xcrashdump.dat
[2009/05/16 10:58:46 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\sto453189.dat
[2009/05/16 10:58:33 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/05/16 10:58:06 | 00,125,440 | ---- | C] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/05/16 10:58:02 | 00,042,496 | ---- | C] () -- C:\vfmf.exe
[2009/05/16 10:58:01 | 00,000,000 | ---- | C] () -- C:\ywko.exe
[2009/05/16 10:58:00 | 00,000,002 | ---- | C] () -- C:\-602625458
[2009/05/16 10:57:58 | 00,082,324 | ---- | C] () -- C:\lsass.exe
[2009/05/16 10:57:57 | 00,082,324 | ---- | C] () -- C:\jlopfmwe.exe
[2009/05/16 10:57:56 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\jkshfuiehi.dll
[2009/05/16 10:57:55 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\__c0069684.dat
[2009/05/16 10:57:53 | 00,057,856 | ---- | C] () -- C:\fmsq.exe
[2009/05/16 10:57:53 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/05/15 19:57:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\TMInc
[2009/05/15 19:57:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AlawarWrapper
[2009/05/15 19:57:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2009/05/15 19:56:26 | 00,000,846 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Treasure Masters, Inc..lnk
[2009/05/15 19:55:37 | 00,000,000 | ---D | C] -- C:\Program Files\Viva Media
[2009/05/15 19:52:50 | 00,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Mystery Case Files - Ravenhearst.lnk
[2009/05/15 19:47:43 | 00,000,000 | ---D | C] -- C:\Program Files\Mystery Case Files - Ravenhearst
[2009/05/15 19:46:32 | 00,000,000 | ---- | C] () -- C:\Program Files\temp01
[2009/05/15 19:46:31 | 00,001,588 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2009/05/15 19:46:31 | 00,001,583 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play My Games.lnk
[2009/05/15 19:46:31 | 00,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2009/05/15 19:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2009/05/10 01:55:42 | 00,000,821 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ConvertXtoDvd.lnk
[2009/05/10 01:20:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\ConvertXtoDVD
[2009/05/10 01:20:01 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\vso_ts_preview.xml
[2009/05/10 01:02:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\CopyToDvd
[2009/05/09 10:32:56 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\GameSpy Arcade.lnk
[2009/05/09 10:32:51 | 00,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade
[2009/05/09 10:32:32 | 00,001,116 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Midnight Outlaw Illegal Street Drag.lnk
[2009/05/09 10:31:55 | 00,000,000 | ---D | C] -- C:\Program Files\ValuSoft
[2009/05/08 23:24:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\MySpaceIM Pics
[2009/04/28 19:11:00 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\SHEILA RESUME.wps
[2009/04/28 19:10:12 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Untitled Document.wps
[2008/11/30 06:45:22 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/06/23 16:14:10 | 00,131,584 | ---- | C] () -- C:\WINDOWS\System32\hqopvphx.dll
[2008/06/16 14:45:12 | 00,070,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2008/04/24 17:41:00 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2008/04/24 17:41:00 | 00,000,296 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2007/06/22 16:33:59 | 00,007,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samhid.sys
[2007/03/21 06:17:42 | 00,000,326 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/03/21 06:17:40 | 00,000,092 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/02/15 05:29:02 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/21 04:26:56 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/12/19 05:14:02 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/05 06:28:51 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2006/11/01 09:24:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Swat.INI
[2006/10/26 07:05:35 | 00,000,464 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/10/25 06:27:01 | 00,000,037 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2006/10/16 08:58:56 | 00,000,180 | ---- | C] () -- C:\WINDOWS\System32\sam.ini
[2006/10/16 08:49:47 | 00,487,424 | ---- | C] () -- C:\WINDOWS\System32\FDRpage.dll
[2006/10/14 15:51:50 | 00,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2006/07/31 11:47:50 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2006/07/31 11:47:49 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2006/07/16 16:47:26 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/12 04:44:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/07/09 04:45:14 | 00,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/07/09 04:45:14 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/07/07 16:40:02 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/07/07 16:36:59 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/05/25 18:26:26 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/25 18:06:24 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/05/25 18:01:16 | 00,014,315 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/05/25 18:01:10 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/05/25 17:58:57 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/25 17:56:34 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/25 17:46:27 | 00,001,253 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/25 17:45:51 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/05/25 17:29:02 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/25 17:29:02 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/25 17:29:02 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/25 17:29:02 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/25 17:29:01 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/25 17:29:01 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/25 17:29:01 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/25 17:27:51 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/25 17:08:09 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/05/25 17:08:09 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/05/25 17:07:54 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 20:23:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/30 08:42:22 | 00,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2005/08/31 00:02:00 | 00,000,655 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 16:52:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/06 00:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 10:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 01:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 03:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2001/07/07 01:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/11/17 18:13:16 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Files - Modified Within 30 Days ==========

[19 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/17 04:14:38 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/17 04:14:12 | 00,000,445 | ---- | M] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/05/17 04:12:30 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\desktop.ini
[2009/05/17 04:12:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/17 04:11:50 | 21,459,64032 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/16 16:13:59 | 00,082,324 | ---- | M] () -- C:\lsass.exe
[2009/05/16 16:13:59 | 00,082,324 | ---- | M] () -- C:\jlopfmwe.exe
[2009/05/16 16:13:11 | 00,000,219 | ---- | M] () -- C:\xcrashdump.dat
[2009/05/16 15:14:20 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2009/05/16 15:09:35 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/16 11:09:38 | 00,244,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscsvc32.exe
[2009/05/16 11:09:38 | 00,082,432 | ---- | M] () -- C:\WINDOWS\System32\resdll.dll
[2009/05/16 11:00:19 | 00,042,496 | ---- | M] () -- C:\vfmf.exe
[2009/05/16 11:00:17 | 00,000,002 | ---- | M] () -- C:\-602625458
[2009/05/16 11:00:04 | 00,057,856 | ---- | M] () -- C:\fmsq.exe
[2009/05/16 10:58:46 | 00,000,002 | -H-- | M] () -- C:\WINDOWS\sto453189.dat
[2009/05/16 10:58:33 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/05/16 10:58:33 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/05/16 10:58:32 | 00,027,648 | ---- | M] () -- C:\WINDOWS\System32\__c0069684.dat
[2009/05/16 10:58:01 | 00,000,000 | ---- | M] () -- C:\ywko.exe
[2009/05/16 10:57:59 | 00,125,440 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe
[2009/05/16 10:57:59 | 00,125,440 | ---- | M] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/05/16 10:57:56 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\jkshfuiehi.dll
[2009/05/16 10:57:53 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/05/16 03:06:18 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/05/15 19:56:26 | 00,000,846 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Treasure Masters, Inc..lnk
[2009/05/15 19:52:50 | 00,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Mystery Case Files - Ravenhearst.lnk
[2009/05/15 19:52:50 | 00,001,588 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2009/05/15 19:46:31 | 00,001,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play My Games.lnk
[2009/05/10 02:55:11 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\vso_ts_preview.xml
[2009/05/10 01:55:42 | 00,000,821 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ConvertXtoDvd.lnk
[2009/05/09 10:32:56 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\GameSpy Arcade.lnk
[2009/05/09 10:32:32 | 00,001,116 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Midnight Outlaw Illegal Street Drag.lnk
[2009/05/08 22:56:34 | 00,000,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MySpaceIM.lnk
[2009/05/08 12:10:00 | 00,000,326 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2009/05/08 11:46:53 | 00,000,356 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Share Setup.lnk
[2009/05/07 03:56:17 | 00,311,525 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/28 19:15:20 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\SHEILA RESUME.wps
[2009/04/28 19:15:20 | 00,001,254 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2009/04/28 19:10:12 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Untitled Document.wps

========== LOP Check ==========

[2009/05/15 19:57:24 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/24 07:35:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2006/05/25 17:52:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/11/16 03:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/05/15 19:57:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2008/11/24 07:35:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/11/24 07:35:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2006/12/19 05:24:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2008/05/13 02:42:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/12/30 16:00:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/05/25 03:24:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/05/15 19:52:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2008/10/18 05:54:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2007/03/21 06:23:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/05/25 17:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2006/05/25 17:44:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/05/14 15:37:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2006/05/25 18:21:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2006/05/25 17:36:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2008/01/28 15:49:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2006/05/25 17:47:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2006/05/25 17:59:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/01/03 14:07:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/03/17 12:43:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2006/09/10 20:17:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
[2007/06/05 06:41:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2006/05/25 17:28:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/05/25 17:33:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/05/16 14:31:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2007/02/13 06:34:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2006/09/10 20:12:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2008/08/04 18:34:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/05/15 19:52:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/24 07:35:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/07/07 06:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/07/07 06:23:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/12/14 23:24:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/05/15 19:57:24 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\HP_Administrator\Application Data
[2007/04/24 04:27:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\1clickPro
[2006/12/19 05:24:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\acccore
[2006/07/13 03:38:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
[2006/08/12 08:06:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
[2007/03/17 18:04:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Ahead
[2008/12/08 10:36:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Aim
[2007/02/15 05:29:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\AOL
[2007/06/05 06:56:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
[2008/05/25 03:24:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\ATI
[2009/05/10 01:08:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\CopyToDvd
[2007/05/22 16:13:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\CyberLink
[2008/04/24 17:59:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\FUJIFILM
[2006/08/14 05:49:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Help
[2008/03/22 17:14:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\HP
[2006/08/23 08:09:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
[2005/11/14 21:04:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Identities
[2006/05/25 17:59:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
[2008/11/16 03:05:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\iWin
[2006/07/07 06:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech
[2009/05/16 10:59:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
[2006/07/06 16:15:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
[2009/01/30 19:10:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
[2008/06/30 02:38:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
[2006/07/07 06:04:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\MSNInstaller
[2007/03/14 00:08:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\MySpace
[2008/12/08 10:48:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Real
[2007/10/06 13:12:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\ScummVM
[2006/10/14 16:11:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\SlySoft
[2006/07/07 06:05:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Sonic
[2006/09/07 04:35:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Sun
[2007/02/13 06:34:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
[2007/01/24 17:12:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\teamspeak2
[2007/02/21 05:40:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Template
[2009/05/15 19:57:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\TMInc
[2009/01/26 09:11:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
[2008/04/09 05:14:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Ventrilo
[2007/01/11 15:46:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint
[2009/05/16 03:04:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Vso
[2006/07/07 06:21:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\WildTangent
[2007/11/01 03:38:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
[2008/02/22 07:44:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\WinRAR
[2008/11/16 03:06:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
[2006/07/06 16:24:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\You've Got Pictures Screensaver
[2007/06/05 06:53:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2006/12/29 03:40:05 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2006/10/27 20:23:42 | 00,000,552 | ---- | M] () -- C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
[2006/10/27 20:31:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
< End of report >


EXTRAS
OTListIt Extras logfile created on: 5/17/2009 4:19:18 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\HP_Administrator\Desktop\Stuff
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.28% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.72% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.07 Gb Total Space | 38.04 Gb Free Space | 16.98% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 0.44 Gb Free Space | 4.99% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CROSEBERRY
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"3390:TCP" = 3390:TCP:*:Enabled:Remote Media Center Experience
"3776:UDP" = 3776:UDP:*:Enabled:Media Center Extender Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger File not found
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent ()
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\1152217368\EE\AOLServiceHost.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader (AOL LLC)
C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed File not found
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon File not found
C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL (Gteko Ltd.)
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe ( )
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe (Hewlett-Packard)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP (Hewlett-Packard)
C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector File not found
C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX File not found
C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft (Blizzard Entertainment)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\WINDOWS\ehome\ehshell.exe:LocalSubNet:Enabled:Media Center (Microsoft Corporation)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM ()
\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1 (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00116AA6-4B2B-F8ED-09BE-2F31C8A3133A}" = CCC Help English
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEE9908-C572-C898-29AB-599316AACF13}" = CCC Help French
"{0CF203DD-6CB7-5BC0-59A7-41EB9F1A1856}" = Catalyst Control Center Graphics Full Existing
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1F4BF9EA-847E-44FB-A728-C456116E6CEF}" = InstantShareDevicesMFC
"{20301A7A-AADB-4963-A8AE-23D09FFFD654}" = Symantec Real Time Storage Protection Component
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}" = muvee autoProducer 5.0
"{289678F6-FF27-441c-B795-CB77192C8B78}" = CameraUserGuides
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3BE5A38D-AFC7-E22F-0212-E828A0EC082F}" = CCC Help Spanish
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{499AC598-A762-B906-46A4-6186E524C5A8}" = Catalyst Control Center Graphics Light
"{52D9F8A1-CA3E-74CF-B389-8DA323176C39}" = Catalyst Control Center Localization French
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{575BB7B4-181E-900F-2350-038909750C84}" = ccc-core-preinstall
"{5A9D6A0C-8FF3-45FB-800F-A938785C0D75}" = WinaXe_Plus
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5D61626A-BD55-4e42-82EE-4AE89D8FD050}" = HP Photosmart Cameras 6.0
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}" = Catalyst Control Center - Branding
"{625304B0-2976-473B-AD81-5CA376093F03}" = Xingtone Ringtone Maker
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}" = CameraDrivers
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A95259-8ED6-51A0-9588-10EBBEB76382}" = Catalyst Control Center Core Implementation
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E404E69-8FB4-712B-1671-DA41DC207F2A}" = Catalyst Control Center Localization German
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9712BAB1-A117-49C4-4A42-1E777375FC92}" = Catalyst Control Center Graphics Previews Common
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A2AF890-B0CD-43DC-85F6-AA0B51024DFF}" = ATI MCE Transcode
"{9D78F390-CEB0-D675-A4FE-110EEFA0542D}" = Catalyst Control Center Graphics Full New
"{9E49A8EE-AF96-451a-8468-CD2506108218}" = HP Photosmart Cameras 9.0
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A26EA334-7F6C-0BAE-6BC9-2F2E2DB6C34C}" = Catalyst Control Center Localization Spanish
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A7947E1A-5793-4504-A2B3-5974D2A69927}" = Midnight Outlaw Illegal Street Drag
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1864C9A-EB83-2F77-6A08-889190944BE3}" = ccc-utility
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}" = Windows Defender
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B41023CD-05AC-728C-1CB9-D67F06185FD0}" = Skins
"{B4FC29C3-21CA-4D9C-375D-4F4D977C9910}" = CCC Help Chinese Standard
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}" = CameraUserGuides
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258g
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C3FDA1E4-1E17-48D8-B4F0-C141E9FFB4BA}" = nullDC 1.0.0 Public Beta 1 Setup
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CF3E63F8-9D7D-EE52-A43E-4A619C7D5BF1}" = CCC Help German
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" = Norton AntiVirus SYMLT MSI
"{D3AA158A-9421-4883-8767-E771B0964A1D}" = ImageMixer VCD for FinePix
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{DAA83A60-587F-8A36-D805-5E40AF88BC2E}" = ccc-core-static
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{E8F5BF90-EA70-CA31-FD76-A8BFB4573B03}" = Catalyst Control Center Localization Chinese Standard
"{E93525C8-AB72-40ad-845F-34393FA2F9FE}" = CameraDrivers
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6C6303B-F56F-11D5-B90B-005004892044}" = LEAD MCMP_MJPEG Codec Eval
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 2.2.3.5
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"ATI Display Driver" = ATI Display Driver
"ATT-PRT22" = ATT-PRT22
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BellSouth" = BellSouth FastAccess DSL Help Center
"BFGC" = Big Fish Games Client
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst™
"BrowsingProgram" = BrowsingProgram
"Chessmaster 9000" = Chessmaster 9000
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"Digital Media Converter_is1" = Digital Media Converter 2.76
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
"DVDFab Decrypter_is1" = DVDFab Decrypter 3.0.9.6
"EHome Devices" = Media Center Extender
"eMule" = eMule
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 6.1
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"Hu-Go!_is1" = Hu-Go! 2.12
"HyperCam 2" = HyperCam 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Imikimi Plugin" = Imikimi Plugin
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"Jewel Quest III" = Jewel Quest III (remove only)
"Lexmark 1200 Series" = Lexmark 1200 Series
"LimeWire" = LimeWire 5.1.1
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0)" = Mozilla Firefox (3.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPINT" = MicroStaff WINASPI NT
"MySpaceIM" = MySpaceIM
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PLATO Web Learning Network Clients" = PLATO Web Learning Network Clients
"Police Quest : SWAT 2" = Police Quest : SWAT 2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"ScummVM_is1" = ScummVM 0.10.0
"Street Rod 2" = Street Rod 2 (remove only)
"SymSetup.{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus (Symantec Corporation)
"TigerGame PS/PS2 Game Controller Adapter" = TigerGame PS/PS2 Game Controller Adapter
"Treasure Masters, Inc." = Treasure Masters, Inc.
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMPG VideoConvert_is1" = WinMPG VideoConvert 6.5.1
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"WT005641" = Insaniquarium Deluxe
"WT006069" = FATE
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD Video Codec" = XviD Video Codec 1.1.2-01022007
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/16/2009 2:11:50 PM | Computer Name = CROSEBERRY | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.15.0.1000, faulting
module superantispyware.exe, version 4.15.0.1000, fault address 0x000792a7.

Error - 5/16/2009 3:05:37 PM | Computer Name = CROSEBERRY | Source = SDWinSec.exe | ID = 0
Description =

Error - 5/16/2009 3:12:25 PM | Computer Name = CROSEBERRY | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 5/16/2009 3:40:19 PM | Computer Name = CROSEBERRY | Source = Application Error | ID = 1000
Description = Faulting application jlopfmwe.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x000360ad.

Error - 5/16/2009 4:10:27 PM | Computer Name = CROSEBERRY | Source = Application Error | ID = 1000
Description = Faulting application jlopfmwe.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x000360ad.

Error - 5/16/2009 4:11:11 PM | Computer Name = CROSEBERRY | Source = Application Error | ID = 1001
Description = Fault bucket 1274563606.

Error - 5/16/2009 4:13:55 PM | Computer Name = CROSEBERRY | Source = Application Error | ID = 1000
Description = Faulting application jlopfmwe.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x000360ad.

Error - 5/16/2009 6:30:08 PM | Computer Name = CROSEBERRY | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x800705AA

Error - 5/16/2009 6:35:38 PM | Computer Name = CROSEBERRY | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 5/16/2009 6:41:09 PM | Computer Name = CROSEBERRY | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x800705AA

[ System Events ]
Error - 5/17/2009 3:45:56 AM | Computer Name = CROSEBERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1450" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 5/17/2009 3:50:56 AM | Computer Name = CROSEBERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1450" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 5/17/2009 3:55:56 AM | Computer Name = CROSEBERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1450" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 5/17/2009 4:00:56 AM | Computer Name = CROSEBERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1450" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 5/17/2009 4:05:56 AM | Computer Name = CROSEBERRY | Source = DCOM | ID = 10005
Description = DCOM got error "%1450" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 5/17/2009 4:13:00 AM | Computer Name = CROSEBERRY | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 5/17/2009 4:14:33 AM | Computer Name = CROSEBERRY | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 5/17/2009 4:14:33 AM | Computer Name = CROSEBERRY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Viewpoint Manager Service
service to connect.

Error - 5/17/2009 4:14:33 AM | Computer Name = CROSEBERRY | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%1053

Error - 5/17/2009 4:14:33 AM | Computer Name = CROSEBERRY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

< End of report >

GMER

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-17 17:07:11
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

INT 0x63 ? 8AA92BF8
INT 0x63 ? 8AA92BF8
INT 0x63 ? 8A97BF00
INT 0x63 ? 8AA92BF8
INT 0x73 ? 8AA92BF8
INT 0x73 ? 8AA92BF8
INT 0x73 ? 8A97BF00
INT 0x73 ? 8AA92BF8
INT 0x82 ? 8AA92BF8

Code 8A1F7730 ZwEnumerateKey
Code 89E536F0 ZwFlushInstructionCache
Code 89E83826 IofCallDriver
Code 89D4A506 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 89E8382B
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 89D4A50B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 89E536F4
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 8A1F7734
? spoa.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B973E8AC 5 Bytes JMP 8A97B4E0

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[184] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[184] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[184] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[184] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[184] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[184] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\LxrSII1s.exe[308] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\LxrSII1s.exe[308] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\LxrSII1s.exe[308] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\LxrSII1s.exe[308] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\LxrSII1s.exe[308] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\LxrSII1s.exe[308] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Common Files\Motive\McciCMService.exe[344] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Common Files\Motive\McciCMService.exe[344] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Common Files\Motive\McciCMService.exe[344] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Common Files\Motive\McciCMService.exe[344] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Common Files\Motive\McciCMService.exe[344] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Common Files\Motive\McciCMService.exe[344] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[368] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[368] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[368] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[368] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[368] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[368] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\ehome\RMSvc.exe[484] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\ehome\RMSvc.exe[484] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\ehome\RMSvc.exe[484] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\ehome\RMSvc.exe[484] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\ehome\RMSvc.exe[484] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\ehome\RMSvc.exe[484] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\svchost.exe[528] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[528] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[544] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[544] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[544] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[544] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[544] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[544] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[544] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[544] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\winlogon.exe[740] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FF94778
.text C:\WINDOWS\system32\winlogon.exe[740] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FF94807
.text C:\WINDOWS\system32\winlogon.exe[740] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FF94814
.text C:\WINDOWS\system32\winlogon.exe[740] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FF94A8E
.text C:\WINDOWS\system32\winlogon.exe[740] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FF947FD
.text C:\WINDOWS\system32\winlogon.exe[740] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FF94855
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FF94778
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FF94807
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FF94814
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FF94A8E
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FF947FD
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FF94855
.text C:\WINDOWS\system32\lsass.exe[808] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FF94778
.text C:\WINDOWS\system32\lsass.exe[808] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FF94807
.text C:\WINDOWS\system32\lsass.exe[808] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FF94814
.text C:\WINDOWS\system32\lsass.exe[808] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FF94A8E
.text C:\WINDOWS\system32\lsass.exe[808] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FF947FD
.text C:\WINDOWS\system32\lsass.exe[808] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FF94855
.text C:\WINDOWS\system32\Ati2evxx.exe[988] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\Ati2evxx.exe[988] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\Ati2evxx.exe[988] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\Ati2evxx.exe[988] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\Ati2evxx.exe[988] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\Ati2evxx.exe[988] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\svchost.exe[1008] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1008] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FF94778
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FF94807
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FF94814
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FF94A8E
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FF947FD
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FF94855
.text C:\WINDOWS\system32\svchost.exe[1116] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1116] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\System32\svchost.exe[1160] C:\WINDOWS\System32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\System32\svchost.exe[1160] C:\WINDOWS\System32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[1228] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1228] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\svchost.exe[1332] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1332] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1512] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FF94778
.text C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1512] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FF94807
.text C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1512] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FF94814
.text C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1512] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FF94A8E
.text C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1512] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FF947FD
.text C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[1512] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FF94855
.text C:\WINDOWS\system32\LEXBCES.EXE[1588] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\LEXBCES.EXE[1588] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\LEXBCES.EXE[1588] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\LEXBCES.EXE[1588] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\LEXBCES.EXE[1588] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\LEXBCES.EXE[1588] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\LEXPPS.EXE[1612] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\LEXPPS.EXE[1612] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\LEXPPS.EXE[1612] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\LEXPPS.EXE[1612] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\LEXPPS.EXE[1612] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\LEXPPS.EXE[1612] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\svchost.exe[1712] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1712] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\arservice.exe[1744] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\arservice.exe[1744] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\arservice.exe[1744] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\arservice.exe[1744] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\arservice.exe[1744] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\arservice.exe[1744] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[1856] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[1856] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[1856] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[1856] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[1856] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[1856] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\eHome\ehRecvr.exe[1908] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\eHome\ehRecvr.exe[1908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\eHome\ehRecvr.exe[1908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\eHome\ehRecvr.exe[1908] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\eHome\ehRecvr.exe[1908] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\eHome\ehRecvr.exe[1908] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\eHome\ehSched.exe[1928] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\eHome\ehSched.exe[1928] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\eHome\ehSched.exe[1928] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\eHome\ehSched.exe[1928] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\eHome\ehSched.exe[1928] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\eHome\ehSched.exe[1928] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\svchost.exe[1956] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1956] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Java\jre6\bin\jqs.exe[2020] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Java\jre6\bin\jqs.exe[2020] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Java\jre6\bin\jqs.exe[2020] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Java\jre6\bin\jqs.exe[2020] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Java\jre6\bin\jqs.exe[2020] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Java\jre6\bin\jqs.exe[2020] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\dllhost.exe[2488] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FF94778
.text C:\WINDOWS\system32\dllhost.exe[2488] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FF94807
.text C:\WINDOWS\system32\dllhost.exe[2488] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FF94814
.text C:\WINDOWS\system32\dllhost.exe[2488] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FF94A8E
.text C:\WINDOWS\system32\dllhost.exe[2488] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FF947FD
.text C:\WINDOWS\system32\dllhost.exe[2488] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FF94855
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2956] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2956] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2956] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2956] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2956] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2956] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\Explorer.EXE[2972] Explorer.EXE 0101A57C 4 Bytes [FF, 15, 1C, 11]
.text C:\WINDOWS\Explorer.EXE[2972] C:\WINDOWS\Explorer.EXE section is writeable [0x01001000, 0x44C09, 0xE0000060]
.reloc C:\WINDOWS\Explorer.EXE[2972] C:\WINDOWS\Explorer.EXE section is executable [0x010FB000, 0x8800, 0xE0000040]
.text C:\WINDOWS\Explorer.EXE[2972] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\Explorer.EXE[2972] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\Explorer.EXE[2972] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\Explorer.EXE[2972] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\Explorer.EXE[2972] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\Explorer.EXE[2972] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3728] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3728] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3728] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3728] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3728] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3728] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Internet Explorer\iexplore.exe[5556] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Internet Explorer\iexplore.exe[5556] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Internet Explorer\iexplore.exe[5556] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Internet Explorer\iexplore.exe[5556] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Internet Explorer\iexplore.exe[5556] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Internet Explorer\iexplore.exe[5556] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5556] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[6156] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\spoolsv.exe[6156] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\spoolsv.exe[6156] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\spoolsv.exe[6156] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\spoolsv.exe[6156] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\spoolsv.exe[6156] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\spoolsv.exe[6156] msvcrt.dll!tan 77C4D5E4 2 Bytes [83, 7C]
.text C:\WINDOWS\system32\spoolsv.exe[6156] msvcrt.dll!tan + 3 77C4D5E7 5 Bytes [08, 01, 75, 19, 6A]
.text C:\WINDOWS\system32\spoolsv.exe[6156] msvcrt.dll!tan + 9 77C4D5ED 28 Bytes [6A, 00, 68, 92, 67, 90, 7C, ...]
.text C:\WINDOWS\system32\svchost.exe[6720] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[6720] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[6720] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[6720] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[6720] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[6720] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[6720] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[6720] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
? C:\WINDOWS\System32\svchost.exe[15192] number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[15192] C:\WINDOWS\System32\svchost.exe section is writeable [0x00401000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\System32\svchost.exe[15192] C:\WINDOWS\System32\svchost.exe section is executable [0x00405000, 0x5600, 0xE0000040]
.text C:\WINDOWS\System32\svchost.exe[15192] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\System32\svchost.exe[15192] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\System32\svchost.exe[15192] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\System32\svchost.exe[15192] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\System32\svchost.exe[15192] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\System32\svchost.exe[15192] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
? C:\WINDOWS\System32\svchost.exe[15200] number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[15200] C:\WINDOWS\System32\svchost.exe section is writeable [0x00401000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\System32\svchost.exe[15200] C:\WINDOWS\System32\svchost.exe section is executable [0x00405000, 0x5600, 0xE0000040]
.text C:\WINDOWS\System32\svchost.exe[15200] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\System32\svchost.exe[15200] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\System32\svchost.exe[15200] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\System32\svchost.exe[15200] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\System32\svchost.exe[15200] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\System32\svchost.exe[15200] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
? C:\WINDOWS\System32\svchost.exe[15208] number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[15208] C:\WINDOWS\System32\svchost.exe section is writeable [0x00401000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\System32\svchost.exe[15208] C:\WINDOWS\System32\svchost.exe section is executable [0x00405000, 0x5600, 0xE0000040]
.text C:\WINDOWS\System32\svchost.exe[15208] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\System32\svchost.exe[15208] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\System32\svchost.exe[15208] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\System32\svchost.exe[15208] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\System32\svchost.exe[15208] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\System32\svchost.exe[15208] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
? C:\WINDOWS\System32\svchost.exe[15900] number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
.text C:\WINDOWS\System32\svchost.exe[15900] C:\WINDOWS\System32\svchost.exe section is writeable [0x13141000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\System32\svchost.exe[15900] C:\WINDOWS\System32\svchost.exe section is executable [0x13145000, 0x5600, 0xE0000040]
.text C:\WINDOWS\System32\svchost.exe[15900] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\System32\svchost.exe[15900] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\System32\svchost.exe[15900] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\System32\svchost.exe[15900] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\System32\svchost.exe[15900] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\System32\svchost.exe[15900] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
? C:\WINDOWS\System32\svchost.exe[15920] time/date stamp mismatch; unknown module: urlmon.dllunknown module: OLEAUT32.dll
.text C:\WINDOWS\System32\svchost.exe[15920] C:\WINDOWS\System32\svchost.exe section is writeable [0x13141000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\System32\svchost.exe[15920] C:\WINDOWS\System32\svchost.exe section is executable [0x13145000, 0x5600, 0xE0000040]
.text C:\WINDOWS\System32\svchost.exe[15920] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\System32\svchost.exe[15920] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\System32\svchost.exe[15920] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\System32\svchost.exe[15920] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\System32\svchost.exe[15920] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\System32\svchost.exe[15920] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
? C:\WINDOWS\System32\svchost.exe[15944] number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
.text C:\WINDOWS\System32\svchost.exe[15944] C:\WINDOWS\System32\svchost.exe section is writeable [0x13141000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\System32\svchost.exe[15944] C:\WINDOWS\System32\svchost.exe section is executable [0x13145000, 0x5600, 0xE0000040]
.text C:\WINDOWS\System32\svchost.exe[15944] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\System32\svchost.exe[15944] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\System32\svchost.exe[15944] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\System32\svchost.exe[15944] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\System32\svchost.exe[15944] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\System32\svchost.exe[15944] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
? C:\WINDOWS\System32\svchost.exe[15988] number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
.text C:\WINDOWS\System32\svchost.exe[15988] C:\WINDOWS\System32\svchost.exe section is writeable [0x13141000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\System32\svchost.exe[15988] C:\WINDOWS\System32\svchost.exe section is executable [0x13145000, 0x5600, 0xE0000040]
.text C:\WINDOWS\System32\svchost.exe[15988] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\System32\svchost.exe[15988] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\System32\svchost.exe[15988] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\System32\svchost.exe[15988] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\System32\svchost.exe[15988] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\System32\svchost.exe[15988] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[42980] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[42980] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[42980] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[42980] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[42980] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[42980] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Documents and Settings\HP_Administrator\Desktop\Stuff\8qmw47xn.exe[44084] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Documents and Settings\HP_Administrator\Desktop\Stuff\8qmw47xn.exe[44084] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Documents and Settings\HP_Administrator\Desktop\Stuff\8qmw47xn.exe[44084] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Documents and Settings\HP_Administrator\Desktop\Stuff\8qmw47xn.exe[44084] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Documents and Settings\HP_Administrator\Desktop\Stuff\8qmw47xn.exe[44084] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Documents and Settings\HP_Administrator\Desktop\Stuff\8qmw47xn.exe[44084] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[112744] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[112744] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[112744] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[112744] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[112744] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[112744] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[112744] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[112744] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[112744] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[112744] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[112744] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[112744] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[112744] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[112744] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spoa.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spoa.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spoa.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spoa.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spoa.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spoa.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 1E9401C7
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] ECE90045
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560002F0
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [00451E94] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 02F0DEE8
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] F45DE856
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590002
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [5D10C483] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 02F959E8
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 0343D7E8
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] ADE8F075
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 830002EF
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] A006C70C
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E800451E
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001D70
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 89E8C68B
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C2000344
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 1EA006C7
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] F5E80045
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000022
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 40E95ECE
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 830002F0
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 72102479
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 10418B04
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 10418DC3
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] F18B56C3
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] FFFFCDE8
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 07740108
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] F3A9E856
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 8B590002
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] AC01C700
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] E900451E
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFFFAE
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] C7F18B56
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 451EAC06
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] FFA0E800
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 44F6FFFF
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 74010824
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7CE85607] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 590002F3
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] C25EC68B
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 046A0004
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 449C60B8
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 432EE800
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] F18B0003
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8BF07589
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 0002EF77
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 570CC783
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] C70C4E8D
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 451EA006
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 1CC2E800
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C68B0000
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 0343DBE8
IAT C:\WINDOWS\System32\svchost.exe[15192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0004C200
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 1E9401C7
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] ECE90045
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560002F0
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [00451E94] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 02F0DEE8
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] F45DE856
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590002
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [5D10C483] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 02F959E8
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 0343D7E8
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] ADE8F075
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 830002EF
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] A006C70C
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E800451E
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001D70
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 89E8C68B
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C2000344
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 1EA006C7
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] F5E80045
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000022
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 40E95ECE
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 830002F0
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 72102479
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 10418B04
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 10418DC3
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] F18B56C3
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] FFFFCDE8
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 07740108
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] F3A9E856
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 8B590002
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] AC01C700
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] E900451E
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFFFAE
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] C7F18B56
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 451EAC06
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] FFA0E800
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 44F6FFFF
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 74010824
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7CE85607] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 590002F3
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] C25EC68B
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 046A0004
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 449C60B8
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 432EE800
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] F18B0003
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8BF07589
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 0002EF77
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 570CC783
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] C70C4E8D
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 451EA006
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 1CC2E800
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C68B0000
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 0343DBE8
IAT C:\WINDOWS\System32\svchost.exe[15200] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0004C200
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 1E9401C7
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] ECE90045
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560002F0
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [00451E94] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 02F0DEE8
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] F45DE856
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590002
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [5D10C483] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 02F959E8
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 0343D7E8
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] ADE8F075
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 830002EF
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] A006C70C
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E800451E
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001D70
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 89E8C68B
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C2000344
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 1EA006C7
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] F5E80045
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000022
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 40E95ECE
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 830002F0
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 72102479
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 10418B04
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 10418DC3
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] F18B56C3
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] FFFFCDE8
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 07740108
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] F3A9E856
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 8B590002
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] AC01C700
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] E900451E
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFFFAE
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] C7F18B56
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 451EAC06
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] FFA0E800
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 44F6FFFF
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 74010824
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7CE85607] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 590002F3
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] C25EC68B
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 046A0004
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 449C60B8
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 432EE800
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] F18B0003
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8BF07589
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 0002EF77
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 570CC783
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] C70C4E8D
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 451EA006
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 1CC2E800
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C68B0000
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 0343DBE8
IAT C:\WINDOWS\System32\svchost.exe[15208] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0004C200
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DDECE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77DE4332] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 00000000
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C80A530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80D302] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C809AF1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C809B84] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C813133] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C80DE95] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C801E1A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C812847] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C812FD9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C84495D] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C863FCA] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C9104DD] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C809C65] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C8097E0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C80B741] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C80BA71] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C812B7E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C92ABC5] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8101B1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C812FBD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C81127A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C80E9DF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C802446] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C809BE7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C80EABB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C9010E0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C901000] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C80934A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C801812] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C810B17] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C801A28] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C810E27] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C834D71] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C90FE21] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C80BE56] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C810800] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C810FD2] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C830791] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C802530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C814B92] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C801629] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C80A174] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C809C98] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C80BEA1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C830D7C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C80AA6C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C80AA36] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C812AA9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C80BB04] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C80A0B7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C80BB41] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C80982E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C8308B5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C809F91] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C8106D7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C80A0DB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C812C56] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C9100C4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C919BA0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C809EA1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15900] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C90FF2D] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 00000000
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [7C80E9DF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [7C90FF2D] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [7C919BA0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [7C80EABB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [7C80C0F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [7C80981A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [7C80A174] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [7C809AA9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [7C809C98] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C8106D7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80BE56] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C830D7C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C809BE7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C801812] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C810C2E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C801A28] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C90FE21] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C831EDD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C861967] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C835DFA] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C802446] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C801E1A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C802530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C8309E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C80934A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C80BEA1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C9010E0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C901000] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C809F91] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C8097D0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C80998B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C81CB3B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C91137A] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C801629] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C834D71] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C80AC61] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C809EA1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C809F19] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C9100C4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C809806] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 00000000
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [771248F0] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7712514A] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7712511B] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [771251E9] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [77124950] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [77124B39] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7712C6B5] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 00000000
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [77F74EE6] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [77F8C4CE] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [77F6827C] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 00000000
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7E430D96] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7E430277] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7E42AAFD] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7E429E3D] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7E418A80] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7E42A5AE] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7E427D2C] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7E42851A] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7E455E37] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7E42812F] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7E429313] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7E42C7F9] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7E418F9C] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7E430265] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7E430DBA] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 00000000
IAT C:\WINDOWS\System32\svchost.exe[15920] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [780780E7] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 00000000
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [7C80A530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [7C838A3C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [7C80CD48] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [7C838E18] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C80D302] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C8099B5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C812F16] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C813133] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C801E1A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C80B56F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C812FD9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C809C65] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C8097E0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C80B741] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C80BA71] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C812B7E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C92ABC5] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C80E9DF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C802446] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C809BE7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C80EABB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C80934A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C801812] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C810B17] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C801A28] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C90FE21] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C810E27] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C80BE56] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C810800] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C810FD2] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C802530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C814B92] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C80A174] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C809AA9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C809C98] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C80BEA1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C830D7C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C812AA9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C80AA6C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C80AA36] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C80BB41] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C9010E0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C80BB04] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C901000] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C80A0B7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C80982E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C809842] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C8308B5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C809F91] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C8106D7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C80A0DB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C812C56] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C9100C4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C919BA0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C809EA1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C8097D0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C8099CF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C82F7A8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C834EE1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C831EDD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C813879] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C80EE77] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C80BA8F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15944] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C8101B1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DDECE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DE4332] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 00000000
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C80A530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80D302] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C809AF1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C809B84] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C812847] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C8099B5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C812F16] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C813133] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C812FD9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C84495D] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C863FCA] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C9104DD] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C809C65] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C8097E0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C80B741] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C80BA71] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C812B7E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C92ABC5] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C80E9DF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C802446] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C809BE7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C80EABB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C80934A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C801812] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C810B17] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C801A28] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C810E27] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C809AA9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C834D71] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C835DFA] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C90FE21] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C830791] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C80BE56] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C810800] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C8101B1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C80BEA1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C802530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C814B92] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C801629] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C80A174] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C809C98] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C830D7C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C80AA6C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C80AA36] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C812AA9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C9010E0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C901000] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C80A0B7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C80BB41] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C80982E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C809842] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C8308B5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C8106D7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C80A0DB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C812C56] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C9100C4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C919BA0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C809EA1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C90FF2D] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C8097D0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[15988] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C809F19] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AA911F8
Device \FileSystem\Fastfat \FatCdrom 89ABB1F8
Device \Driver\NDIS \Device\Ndis [8A8D1984] NDIS.sys[.reloc]

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{B4C55B42-495E-4986-A473-39FEA7502365} 89B1D1F8

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

Device \Driver\usbohci \Device\USBPDO-0 8A9281F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AA931F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AA931F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AA931F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AA931F8
Device \Driver\usbehci \Device\USBPDO-1 8A9271F8

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8AA211F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AA211F8
Device \Driver\atapi \Device\Ide\IdePort0 8A576D78
Device \Driver\atapi \Device\Ide\IdePort1 8A576D78
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 8A576D78
Device \Driver\atapi \Device\Ide\IdePort2 8A576D78
Device \Driver\atapi \Device\Ide\IdePort3 8A576D78
Device \Driver\atapi \Device\Ide\IdePort4 8A576D78
Device \Driver\atapi \Device\Ide\IdePort5 8A576D78
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-16 8A576D78
Device \Driver\NetBT \Device\NetBt_Wins_Export 89B1D1F8
Device \Driver\NetBT \Device\NetbiosSmb 89B1D1F8
Device \Driver\usbstor \Device\00000094 8A95F500

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbstor \Device\00000096 8A95F500

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbstor \Device\00000097 8A95F500
Device \Driver\usbstor \Device\00000098 8A95F500
Device \Driver\usbohci \Device\USBFDO-0 8A9281F8
Device \Driver\usbstor \Device\00000099 8A95F500
Device \Driver\usbehci \Device\USBFDO-1 8A9271F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89B1A1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89B1A1F8
Device \Driver\Ftdisk \Device\FtControl 8AA211F8
Device \Driver\st3mp28 \Device\Scsi\st3mp281 8A9261F8
Device \FileSystem\Fastfat \Fat 89ABB1F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Ahead Software AG)

Device \FileSystem\Cdfs \Cdfs 89AB41F8

---- Processes - GMER 1.0.15 ----

Process C:\lsass.exe (*** hidden *** ) 46388
Process C:\lsass.exe (*** hidden *** ) 46548
Process hidden process (*** hidden *** ) 47208
Process hidden process (*** hidden *** ) 56500
Process hidden process (*** hidden *** ) 56816

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACwuwsrnvmafuymxe.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6D 0xE2 0x0E 0xFD ...
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACwuwsrnvmafuymxe.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACwuwsrnvmafuymxe.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACpipmlaxvdnqwbxt.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACyxevnyyqxsduiur.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACuxivbftkbmivtef.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACjliqqtklolwxidm.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACtnjpmeponrinswe.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacav \\?\globalroot\systemroot\system32\UACsiixppfbpxvyagm.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACpjrtvxtjwaoyvkk.db
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACnqwhoieppalvshl.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsm \\?\globalroot\systemroot\system32\UACtfohrqtwemxdkoj.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACnmiodotqppmepls.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACemnpklwwcvjlfay.log
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACpeklxxgloirxspk.log
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACeepfirjnqgodsya.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6D 0xE2 0x0E 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACwuwsrnvmafuymxe.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACwuwsrnvmafuymxe.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACpipmlaxvdnqwbxt.dll
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6D 0xE2 0x0E 0xFD ...
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACwuwsrnvmafuymxe.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACwuwsrnvmafuymxe.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACpipmlaxvdnqwbxt.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs ewtfhjpk.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 212224/182656 bytes executable
File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 212224/182656 bytes executable
File C:\WINDOWS\system32\drivers\symndis.sys (size mismatch) 33216/182656 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\drivers\UACd.sys 52736 bytes executable
File C:\WINDOWS\system32\drivers\UAClvcgjcynjkhhpgy.sys 52736 bytes executable
File C:\WINDOWS\system32\drivers\UACwuwsrnvmafuymxe.sys 52224 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACemnpklwwcvjlfay.log 4013 bytes
File C:\WINDOWS\system32\uacinit.dll 5584 bytes
File C:\WINDOWS\system32\UACjliqqtklolwxidm.dll 17408 bytes executable
File C:\WINDOWS\system32\UACnmiodotqppmepls.dll 66560 bytes
File C:\WINDOWS\system32\UACnqwhoieppalvshl.dll 30208 bytes executable
File C:\WINDOWS\system32\UACpipmlaxvdnqwbxt.dll 24064 bytes executable
File C:\WINDOWS\system32\UACpjrtvxtjwaoyvkk.db 1110399 bytes
File C:\WINDOWS\system32\UACsiixppfbpxvyagm.dll 376832 bytes executable
File C:\WINDOWS\system32\UACtfohrqtwemxdkoj.dll 17920 bytes executable
File C:\WINDOWS\system32\uactmp.db 3976714 bytes
File C:\WINDOWS\system32\UACtnjpmeponrinswe.dll 19968 bytes executable
File C:\WINDOWS\system32\UACuxivbftkbmivtef.dll 19968 bytes executable
File C:\WINDOWS\system32\UACyxevnyyqxsduiur.dat 224 bytes
File C:\WINDOWS\TEMP\UAC182c.tmp 343040 bytes executable
File C:\WINDOWS\TEMP\UAC5ae.tmp 73728 bytes executable
File C:\WINDOWS\TEMP\UAC60c.tmp 343040 bytes executable
File C:\WINDOWS\TEMP\UAC6651.tmp 343040 bytes executable
File C:\WINDOWS\TEMP\UAC7eea.tmp 2331 bytes
File C:\WINDOWS\TEMP\UACaee.tmp 94208 bytes executable
File C:\WINDOWS\TEMP\UACb867.tmp 73728 bytes executable
File C:\WINDOWS\TEMP\UACb877.tmp 343040 bytes executable
File C:\WINDOWS\TEMP\UACb903.tmp 94208 bytes executable
File C:\WINDOWS\TEMP\UACf2f1.tmp 343040 bytes executable
File C:\WINDOWS\$NtServicePackUninstall$\ndis.sys (size mismatch) 182912/182656 bytes executable

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (NDIS Filter Driver/Symantec Corporation) [MANUAL] SYMNDIS <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
  • 0
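Reading a GMER log like the one above by hand comes down to three markers: `*** hidden ***` on processes and services, `<-- ROOTKIT !!!` on the services and files GMER could prove were being concealed, and the `Services\UACd.sys\modules@...` registry values that enumerate every component of the hidden driver's family. The Python below is an added example (not GMER's code and not part of this thread) that extracts those lines from a GMER log and lists the component files an analyst would quarantine, separately from legitimate system files that only show a size mismatch and need restoring rather than deleting. The sample log is a handful of lines copied from the log above, not a full GMER run.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the GMER 1.0.15 log posted in this thread (not a complete log).
SAMPLE_LOG = r"""
---- Processes - GMER 1.0.15 ----

Process C:\lsass.exe (*** hidden *** ) 46388
Process hidden process (*** hidden *** ) 47208

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACwuwsrnvmafuymxe.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACwuwsrnvmafuymxe.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACpipmlaxvdnqwbxt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACwuwsrnvmafuymxe.sys
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs ewtfhjpk.dll

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 212224/182656 bytes executable
File C:\WINDOWS\system32\drivers\UACwuwsrnvmafuymxe.sys 52224 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACpipmlaxvdnqwbxt.dll 24064 bytes executable
"""

# Line shapes as GMER prints them: "Service <path> (<description>) ...",
# "File <path> [(size mismatch)] <bytes>[/<expected>] bytes ...",
# "Reg HKLM\SYSTEM\<ControlSet>\Services\<svc>\modules@<name> <path>".
SERVICE_RE = re.compile(r"^Service (?P<path>.+?) \(")
FILE_RE = re.compile(
    r"^File (?P<path>.+?) (?P<mismatch>\(size mismatch\) )?(?P<actual>\d+)(?:/(?P<expected>\d+))? bytes"
)
MODULE_RE = re.compile(
    r"^Reg HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<svc>[^\\]+)\\modules@(?P<mod>\S+) (?P<path>\S+)$"
)
APPINIT_RE = re.compile(r"Windows@AppInit_DLLs\s+(\S+)$")


@dataclass
class Triage:
    hidden_processes: list = field(default_factory=list)
    rootkit_flags: set = field(default_factory=set)      # paths GMER itself marked hidden/rootkit
    size_mismatches: list = field(default_factory=list)  # (path, on-disk size, expected size)
    module_files: dict = field(default_factory=dict)     # service name -> {module: path}
    appinit_dlls: list = field(default_factory=list)     # DLLs injected into every GUI process


def triage_gmer(log: str) -> Triage:
    """Pull the lines that matter out of a GMER log; everything else is ignored."""
    t = Triage()
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        if line.startswith("Process ") and "*** hidden ***" in line:
            t.hidden_processes.append(line[len("Process "):])
            continue
        m = SERVICE_RE.match(line)
        if m:
            if "<-- ROOTKIT" in line or "*** hidden ***" in line:
                t.rootkit_flags.add(m.group("path"))
            continue
        m = MODULE_RE.match(line)
        if m:  # the same values repeat per ControlSet; the dict de-duplicates them
            t.module_files.setdefault(m.group("svc"), {})[m.group("mod")] = m.group("path")
            continue
        m = APPINIT_RE.search(line)
        if m:
            t.appinit_dlls.append(m.group(1))
            continue
        m = FILE_RE.match(line)
        if m:
            if m.group("mismatch"):
                t.size_mismatches.append(
                    (m.group("path"), int(m.group("actual")), int(m.group("expected"))))
            if "<-- ROOTKIT" in line:
                t.rootkit_flags.add(m.group("path"))
    return t


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def suspect_files(t: Triage) -> list:
    """File names that are rootkit components (flagged, registered as modules, or AppInit-injected)."""
    names = {basename(p) for p in t.rootkit_flags}
    for mods in t.module_files.values():
        names.update(basename(p) for p in mods.values())
    names.update(n.lower() for n in t.appinit_dlls)
    return sorted(names)


if __name__ == "__main__":
    t = triage_gmer(SAMPLE_LOG)
    print("hidden processes:", len(t.hidden_processes))
    for path, actual, expected in t.size_mismatches:
        print(f"patched system file, restore a clean copy: {path} ({actual} vs {expected} bytes)")
    print("rootkit components to quarantine:", ", ".join(suspect_files(t)))
```

Note that `ndis.sys` ends up in `size_mismatches`, not in `suspect_files`: it is a legitimate Windows driver that has been patched in place, which is exactly what ComboFix later reports ("Infected copy of ... ndis.sys was found and disinfected"), so the right action is replacement from a clean copy rather than deletion.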

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#5
dink81

dink81

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I was able to install the newest version of ComboFix but still cannot get it to run. I tried to check to see if the program was actually running in Task Manager, but somehow it says the admin has disabled it. The only thing that is different from my first post is that jlopfmwe.exe is getting error messages. Thank you for your patience.
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi please delete your version of Combofix then do the following:
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.
  • 0

#7
dink81

dink81

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I am trying to upload a picture of the error message I am getting now. I haven't been able to find anything out about jlopfmwe.exe. I've checked this in my Task Manager and it will not let me end the process.

Attached Files


  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
:) VIRUT :)

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
https://forums2.syma...age/ba-p/388834
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.c...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)

What this means is we cannot proceed with any sort of fix as your legitimate files have already been corrupted and this action is, unfortunately, irreversible. I apologize but there is nothing else I can do or advise to completely clear your machine. You must reformat your pc to rid yourself of this deadly virus.
  • 0
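The McAfee description quoted above says where Virut puts itself: an encrypted body appended to the last section of the PE file, with a polymorphic decryptor either just before that body, in slack space at the end of the code section, or written over the original entry point. A defender can turn that layout into a coarse structural check. The Python below is an added example, not the thread's code and not McAfee's: it parses the PE section table and reports an entry point that does not fall in the first code section, and a last section that is both writable and executable. The two images it inspects are header-only PE32 skeletons built inline (a clean layout and one shaped the way the quote describes), and the heuristic itself is my assumption, not a published Virut signature; it is a triage aid that produces false positives on packed binaries, not a verdict.

```python
import struct

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def build_pe(sections, entry_rva):
    """Assemble a header-only PE32 image: DOS header, PE signature, COFF header,
    224-byte optional header and section table. Section bodies are omitted because
    the check below reads headers only. sections: (name, rva, virtual size, flags)."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # Magic: PE32
    struct.pack_into("<I", opt, 16, entry_rva)               # AddressOfEntryPoint
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, va, vsize, 0, 0, 0, 0, 0, flags)
        for name, va, vsize, flags in sections
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def parse_sections(image: bytes):
    """Return (entry point RVA, [(name, rva, virtual size, flags), ...])."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    entry = struct.unpack_from("<I", image, e_lfanew + 24 + 16)[0]
    off = e_lfanew + 24 + opt_size                            # section table follows the optional header
    sections = []
    for i in range(nsec):
        name, vsize, va, _, _, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", image, off + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), va, vsize, flags))
    return entry, sections


def entry_point_findings(image: bytes) -> list:
    """Heuristic (an assumption of this example): an appending file infector that redirects
    the entry point leaves it outside the first code section, and the section it appended to
    usually ends up marked writable and executable."""
    entry, sections = parse_sections(image)
    holder = next((s for s in sections if s[1] <= entry < s[1] + s[2]), None)
    if holder is None:
        return [f"entry point {entry:#x} lies outside every section"]
    findings = []
    code = [s for s in sections if s[3] & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE)]
    if code and holder != code[0]:
        findings.append(f"entry point {entry:#x} is in {holder[0]}, not in the first code section {code[0][0]}")
    last = sections[-1]
    if last[3] & IMAGE_SCN_MEM_EXECUTE and last[3] & IMAGE_SCN_MEM_WRITE:
        findings.append(f"last section {last[0]} is writable and executable")
    return findings


# Constructed layouts: a normal executable, and one whose entry point was moved into an
# enlarged, executable last section, which is how the quoted description reads.
CLEAN_IMAGE = build_pe([
    (b".text", 0x1000, 0x2000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".data", 0x3000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b".rsrc", 0x4000, 0x0500, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
], entry_rva=0x1200)

SUSPECT_IMAGE = build_pe([
    (b".text", 0x1000, 0x2000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".data", 0x3000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b".rsrc", 0x4000, 0x3500, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
                               | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE),
], entry_rva=0x4600)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_IMAGE), ("suspect", SUSPECT_IMAGE)):
        print(label, entry_point_findings(image) or ["no findings"])
```

On real files the same parser can be pointed at `open(path, "rb").read()`; the header offsets are the standard ones for PE32, and a PE32+ image only differs in optional-header size, which the code reads from the COFF header rather than hard-coding.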

#9
dink81

dink81

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I ran the AVG Virut removal program and then ran Malwarebytes and was able to run ComboFix. Here is the report.

ComboFix 09-05-19.08 - HP_Administrator 05/20/2009 5:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1521 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\inst.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\UACwuwsrnvmafuymxe.sys
c:\windows\system32\Pncrt.dll
c:\windows\system32\UACemnpklwwcvjlfay.log
c:\windows\system32\UACpipmlaxvdnqwbxt.dll
c:\windows\system32\UACpjrtvxtjwaoyvkk.db
c:\windows\system32\uactmp.db
c:\windows\system32\UACyxevnyyqxsduiur.dat
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
C:\xcrashdump.dat

c:\windows\system32\userinit.exe . . . is infected!!

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it :)

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PROTECT


((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.

2009-05-20 08:00 . 2009-05-20 08:00 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-05-20 08:00 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-20 08:00 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 08:00 . 2009-05-20 08:00 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-20 08:00 . 2009-05-20 08:00 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-19 08:41 . 2009-05-19 08:41 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\AVG8
2009-05-18 16:36 . 2009-05-18 16:36 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Lavasoft
2009-05-18 16:36 . 2009-05-18 16:36 -------- d-----w c:\program files\Lavasoft
2009-05-16 19:07 . 2009-05-16 19:07 -------- d-----w c:\program files\Trend Micro
2009-05-16 18:25 . 2009-05-19 10:01 -------- d-----w C:\!KillBox
2009-05-16 15:09 . 2009-05-16 15:09 223744 ----a-w c:\windows\system32\wscsvc32.exe
2009-05-16 15:09 . 2009-05-16 15:09 82432 ----a-w c:\windows\system32\resdll.dll
2009-05-16 14:58 . 2009-05-16 14:58 2 ---h--w c:\windows\sto453189.dat
2009-05-16 14:58 . 2009-05-16 14:57 104952 ----a-w c:\windows\system32\dllcache\userinit.exe
2009-05-15 23:57 . 2009-05-15 23:57 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\TMInc
2009-05-15 23:57 . 2009-05-15 23:57 -------- d-----w c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-05-15 23:55 . 2009-05-15 23:55 -------- d-----w c:\program files\Viva Media
2009-05-15 23:47 . 2009-05-15 23:52 -------- d-----w c:\program files\Mystery Case Files - Ravenhearst
2009-05-15 23:46 . 2009-05-15 23:52 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-05-15 23:46 . 2009-05-15 23:46 -------- d-----w c:\program files\bfgclient
2009-05-10 05:19 . 2006-09-29 17:24 217127 ----a-w c:\windows\system32\drv43260.dll
2009-05-10 05:19 . 2006-09-29 17:25 208935 ----a-w c:\windows\system32\drv33260.dll
2009-05-10 05:19 . 2006-09-29 17:26 176165 ----a-w c:\windows\system32\drv23260.dll
2009-05-10 05:02 . 2009-05-10 05:08 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\CopyToDvd
2009-05-09 14:32 . 2009-05-09 14:32 -------- d-----w c:\program files\GameSpy Arcade
2009-05-09 14:31 . 2009-05-09 14:31 -------- d-----w c:\program files\ValuSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 10:08 . 2006-05-25 22:13 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-20 09:59 . 2004-08-10 04:00 182656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-05-19 17:39 . 2007-02-21 09:40 1442 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-05-19 08:52 . 2006-07-18 09:22 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-19 07:53 . 2007-02-13 10:34 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-18 14:09 . 2009-05-18 14:09 1 ----a-w c:\windows\system32\2E.tmp
2009-05-18 14:09 . 2009-05-18 14:09 84 ----a-w c:\windows\system32\2C.tmp
2009-05-17 21:13 . 2006-07-06 19:37 102400 ----a-w c:\windows\DUMP4a38.tmp
2009-05-17 19:23 . 2009-05-17 19:23 1 ----a-w c:\windows\system32\28.tmp
2009-05-17 19:23 . 2009-05-17 19:23 84 ----a-w c:\windows\system32\26.tmp
2009-05-17 15:41 . 2006-07-06 19:37 102400 ----a-w c:\windows\DUMP4d45.tmp
2009-05-17 08:14 . 2009-05-17 08:14 1 ----a-w c:\windows\system32\24.tmp
2009-05-17 08:14 . 2009-05-17 08:14 84 ----a-w c:\windows\system32\16.tmp
2009-05-16 19:14 . 2009-05-16 19:14 1 ----a-w c:\windows\system32\23.tmp
2009-05-16 19:14 . 2009-05-16 19:13 84 ----a-w c:\windows\system32\22.tmp
2009-05-16 16:36 . 2009-05-16 16:36 1 ----a-w c:\windows\system32\1F.tmp
2009-05-16 16:36 . 2009-05-16 16:35 84 ----a-w c:\windows\system32\1E.tmp
2009-05-16 14:57 . 2004-08-10 04:00 104952 ----a-w c:\windows\system32\userinit.exe
2009-05-16 07:22 . 2006-07-13 08:42 -------- d-----w c:\program files\World of Warcraft
2009-05-16 07:05 . 2008-02-13 20:25 -------- d-----w c:\program files\vso
2009-05-15 23:46 . 2009-05-15 23:46 0 ----a-w c:\program files\temp01
2009-05-09 14:31 . 2006-05-25 21:52 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-14 17:54 . 2007-04-24 08:36 -------- d-----w c:\program files\DVD Shrink
2009-04-14 17:52 . 2009-04-14 17:52 -------- d-----w c:\program files\DVDFab 5
2009-03-06 14:22 . 2004-08-10 04:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-10 04:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-10 04:00 78336 ----a-w c:\windows\system32\ieencode.dll
.

------- Sigcheck -------

[-] 2004-08-10 04:00 14336 12E21FB7C1B2FB114D18144D48171254 c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-14 00:12 14336 2229944D88BDEC8A3662B35178FAF79B c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 14336 2229944D88BDEC8A3662B35178FAF79B c:\windows\system32\svchost.exe

[-] 2008-04-14 00:12 1033728 0B6D1B1EA5A88F45CF386A5D1E7CE861 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 82EB4C6CC743452EAEBF03524608482A c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-10 04:00 1032192 CD20E772CC0981DF00428F6D878CEF01 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2004-08-10 04:00 15360 54AFBB13AD4260F47E4DB0926A18D1C1 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 00:12 15360 947BE74FC30ABF210893A8C54E4B3498 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 00:12 15360 947BE74FC30ABF210893A8C54E4B3498 c:\windows\system32\ctfmon.exe

[-] 2005-06-11 00:17 57856 6F57D45661354BC9EA2243EE4095A0BB c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 966891E98B02BD94ADA10934AF6F2AE0 c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-10 04:00 57856 A6139132F5B6FAA898DC08DAF301A9A4 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 00:12 57856 8B95D396DA7F92BED9FB87D6E6C2A50B c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12 57856 8B95D396DA7F92BED9FB87D6E6C2A50B c:\windows\system32\spoolsv.exe

[-] 2004-08-10 04:00 24576 2EE15FC0AAA54332EC98E47A257DD7C3 c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 00:12 26112 155D4882924F034A7986376E787F6D3F c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-05-16 14:57 104952 727E5D6A59FC369F7E7328BC6B971600 c:\windows\system32\userinit.exe
[-] 2009-05-16 14:57 104952 727E5D6A59FC369F7E7328BC6B971600 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9554274]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-24 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-06-24 17:48 294912 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=c:\windows\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Schedule"=2 (0x2)
"InCDsrvR"=2 (0x2)
"InCDsrv"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"WmdmPmSN"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"3776:UDP"= 3776:UDP:Media Center Extender Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/9/2007 3:09 PM 55024]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [6/16/2008 2:45 PM 70016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [8/30/2007 3:03 PM 112688]
R3 st3bus28;st3bus28;c:\windows\system32\drivers\st3bus28.sys [12/28/2002 1:16 PM 8416]
R3 st3mp28;st3mp28;c:\windows\system32\drivers\st3mp28.sys [12/28/2002 1:16 PM 95328]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [7/20/2007 6:40 PM 84992]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [6/22/2007 4:33 PM 7548]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
S3 USB200M;Linksys USB 2.0 Network Adapter ver.2;c:\windows\system32\drivers\USB200M2.sys [1/26/2007 6:28 AM 18048]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/24/2008 7:35 AM 24576]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 6:12 PM 14032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2007-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2006-12-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]

2006-10-28 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-09-07 05:38]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\1302655068.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\p8e0l6qy.default\
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 06:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4908)
c:\windows\system32\mshtml.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\LxrSII1s.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\McrdSvc.exe
c:\windows\system32\dllhost.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
.
**************************************************************************
.
Completion time: 2009-05-20 6:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-20 10:13
ComboFix2.txt 2008-06-24 19:34
ComboFix3.txt 2008-02-18 12:41

Pre-Run: 40,524,754,944 bytes free
Post-Run: 40,747,806,720 bytes free

283 --- E O F --- 2009-05-13 18:51
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Be warned: since you decided not to reformat, the machine could crash or be very buggy at any given time.
This may also happen during the cleaning process ahead.
Some system files remain infected, so do not let your antivirus delete anything yet if possible.
But do proceed at your own risk.
===========================
This will look for any clean copies of the system file that is infected and I will attempt to replace it with a clean copy.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    userinit.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0


#11
dink81

dink81

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
SystemLook v1.0 by jpshortstuff (18.05.09)
Log created at 06:33 on 20/05/2009 by HP_Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "userinit.exe"
C:\WINDOWS\$NtServicePackUninstall$\userinit.exe -----c 24576 bytes [14:06 25/05/2008] [04:00 10/08/2004] 2EE15FC0AAA54332EC98E47A257DD7C3
C:\WINDOWS\ServicePackFiles\i386\userinit.exe ------ 26112 bytes [11:11 25/05/2008] [00:12 14/04/2008] 155D4882924F034A7986376E787F6D3F
C:\WINDOWS\system32\dllcache\userinit.exe --a--- 104952 bytes [14:58 16/05/2009] [14:57 16/05/2009] 727E5D6A59FC369F7E7328BC6B971600
C:\WINDOWS\system32\userinit.exe --a--- 104952 bytes [04:00 10/08/2004] [14:57 16/05/2009] 727E5D6A59FC369F7E7328BC6B971600

-=End Of File=-
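The SystemLook output above is exactly the kind of log a responder compares by hand: several copies of one system file, each with a size, timestamps and an MD5. The script below is an added example, not part of SystemLook, ComboFix or either poster's instructions. It parses the `:filefind` result lines, groups every copy of userinit.exe by hash, and treats the ServicePackFiles\i386 and $NtServicePackUninstall$ copies as the trusted baseline (that choice is this example's assumption; those directories are Windows' own install sources). On the log from the thread it flags both the system32 copy and its Windows File Protection cache copy in system32\dllcache as carrying a hash unknown to either source, which is why a clean file later has to be copied in from a source directory with the FCopy:: step rather than waiting for WFP to restore it.

```python
"""
Triage helper for SystemLook ':filefind' output (added example; not the
tool's own code).  It groups every copy of a system file by MD5 and checks
the live copies (system32 and the WFP cache, system32\\dllcache) against the
copies Windows keeps as install sources.  Using ServicePackFiles\\i386 and
$NtServicePackUninstall$ as the trusted baseline is this example's assumption.
"""
import re
from collections import defaultdict

# One SystemLook 'filefind' result line:
#   <path> <attrs> <size> bytes [<created>] [<modified>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attr>[-a-zA-Z]{6})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]"
    r"\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Directories whose copies form the trusted baseline (assumption of this example).
SOURCE_DIRS = ("\\servicepackfiles\\i386\\", "\\$ntservicepackuninstall$\\")
WFP_CACHE_DIR = "\\system32\\dllcache\\"


def parse_filefind(log_text):
    """Return one dict per result line that matches LINE_RE; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["md5"] = d["md5"].upper()
            entries.append(d)
    return entries


def classify(path):
    """Label a copy by where it lives: install source, WFP cache, live file, or other."""
    p = path.lower()
    if any(s in p for s in SOURCE_DIRS):
        return "source"
    if WFP_CACHE_DIR in p:          # checked before the generic system32 test
        return "wfp_cache"
    if "\\system32\\" in p:
        return "live"
    return "other"


def triage(log_text):
    """Compare every copy of the file against the install-source copies."""
    entries = parse_filefind(log_text)
    by_hash = defaultdict(list)
    for e in entries:
        by_hash[e["md5"]].append(e["path"])
    baseline = {e["md5"] for e in entries if classify(e["path"]) == "source"}

    verdicts = {}
    for e in entries:
        role = classify(e["path"])
        if role == "source":
            verdict = "baseline"
        elif e["md5"] in baseline:
            verdict = "matches-baseline"
        else:
            verdict = "suspect"     # hash not shared by any install-source copy
        verdicts[e["path"]] = {"role": role, "verdict": verdict, "size": e["size"],
                               "modified": e["modified"], "md5": e["md5"]}

    live = [v for v in verdicts.values() if v["role"] == "live"]
    cache = [v for v in verdicts.values() if v["role"] == "wfp_cache"]
    # WFP repairs system32 from dllcache.  If a suspect live copy and the cache
    # copy share the same hash, that repair path is useless and a clean file has
    # to be copied in from an install source instead.
    wfp_poisoned = any(
        lv["verdict"] == "suspect" and any(c["md5"] == lv["md5"] for c in cache)
        for lv in live
    )
    return {"verdicts": verdicts, "wfp_cache_poisoned": wfp_poisoned,
            "baseline_hashes": baseline,
            "duplicates": {h: p for h, p in by_hash.items() if len(p) > 1}}


# The filefind result lines posted in this thread.
SYSTEMLOOK_LOG = r"""
Searching for "userinit.exe"
C:\WINDOWS\$NtServicePackUninstall$\userinit.exe -----c 24576 bytes [14:06 25/05/2008] [04:00 10/08/2004] 2EE15FC0AAA54332EC98E47A257DD7C3
C:\WINDOWS\ServicePackFiles\i386\userinit.exe ------ 26112 bytes [11:11 25/05/2008] [00:12 14/04/2008] 155D4882924F034A7986376E787F6D3F
C:\WINDOWS\system32\dllcache\userinit.exe --a--- 104952 bytes [14:58 16/05/2009] [14:57 16/05/2009] 727E5D6A59FC369F7E7328BC6B971600
C:\WINDOWS\system32\userinit.exe --a--- 104952 bytes [04:00 10/08/2004] [14:57 16/05/2009] 727E5D6A59FC369F7E7328BC6B971600
"""

if __name__ == "__main__":
    result = triage(SYSTEMLOOK_LOG)
    for path, v in result["verdicts"].items():
        print(f"{v['verdict']:17} {v['role']:9} {v['size']:>7} {v['modified']}  {path}")
    print("WFP cache poisoned:", result["wfp_cache_poisoned"])
```

Two details in the parsed data carry the signal even without a hash database: the two suspect copies are four times the size of either source copy, and their modified time is the day the infection started, while the system32 copy still shows the original 2004 creation date, which is what a file overwritten in place looks like.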

#12 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste them in one at a time)

c:\windows\$NtServicePackUninstall$\svchost.exe
c:\windows\ServicePackFiles\i386\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\explorer.exe
c:\windows\ServicePackFiles\i386\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\spoolsv.exe
C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
C:\WINDOWS\ServicePackFiles\i386\userinit.exe
C:\WINDOWS\system32\dllcache\userinit.exe


Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.

#13 dink81 (New Member, Topic Starter, 9 posts)
c:\windows\explorer.exe

2009-05-20 Found nothing 2009-05-20 Found nothing
2009-05-20 Trojan.Win32.Patched!IK 2009-05-20 Trojan.Win32.Patched
2009-05-19 Found nothing 2009-05-20 Found nothing
2009-05-20 Found nothing 2009-05-20 Found nothing
2009-05-20 HEUR/Malware 2009-05-19 Found nothing
2009-05-20 Found nothing 2009-05-19 Found nothing
2009-05-20 Found nothing 2009-05-20 Found nothing
2009-05-20 Found nothing 2009-05-20 Found nothing
2009-05-20 Found nothing 2009-05-19 Found nothing
2009-05-19 Found nothing 2009-05-19 Found nothing


C:\WINDOWS\system32\dllcache\userinit.exe

2009-05-20 Downloader.Fraudload.Ekj 2009-05-20 Trojan-Downloader.Win32.FraudLoad.ekj
2009-05-20 Found nothing 2009-05-20 Found nothing
2009-05-19 Found nothing 2009-05-20 Trojan-Downloader.Win32.FraudLoad.ekj
2009-05-20 Found nothing 2009-05-20 Win32/FakeInit.I
2009-05-20 TR/Crypt.XPACK.Gen 2009-05-19 Found nothing
2009-05-20 Gen:Trojan.Heur.6050AF5050 2009-05-19 Found nothing
2009-05-20 Found nothing 2009-05-20 TrojanDownloader.FraudLoad.ek
2009-05-20 Found nothing 2009-05-20 Sus/EncPk-FV
2009-05-20 Trojan.DownLoad.33511 2009-05-19 Found nothing
2009-05-19 Found nothing 2009-05-19 Found nothing


Didn't see any other way to show this. These are the only two that found anything.

#14 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

FCopy::
c:\windows\ServicePackFiles\i386\explorer.exe c:\windows\explorer.exe
C:\WINDOWS\$NtServicePackUninstall$\userinit.exe c:\windows\system32\userinit.exe
C:\WINDOWS\$NtServicePackUninstall$\userinit.exe C:\WINDOWS\system32\dllcache\userinit.exe


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After the reboot (in case it asks to reboot), please post the following report/log in your next reply: Combofix.txt
=============

#15 dink81 (New Member, Topic Starter, 9 posts)
ComboFix 09-05-19.08 - HP_Administrator 05/20/2009 14:06.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1439 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\cfscript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\userinit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.

2009-05-20 08:00 . 2009-05-20 08:00 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-05-20 08:00 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-20 08:00 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 08:00 . 2009-05-20 08:00 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-20 08:00 . 2009-05-20 08:00 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-19 08:41 . 2009-05-19 08:41 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\AVG8
2009-05-18 16:36 . 2009-05-18 16:36 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Lavasoft
2009-05-18 16:36 . 2009-05-18 16:36 -------- d-----w c:\program files\Lavasoft
2009-05-16 19:07 . 2009-05-16 19:07 -------- d-----w c:\program files\Trend Micro
2009-05-16 18:25 . 2009-05-19 10:01 -------- d-----w C:\!KillBox
2009-05-16 15:09 . 2009-05-16 15:09 223744 ----a-w c:\windows\system32\wscsvc32.exe
2009-05-16 15:09 . 2009-05-16 15:09 82432 ----a-w c:\windows\system32\resdll.dll
2009-05-16 14:58 . 2009-05-16 14:58 2 ---h--w c:\windows\sto453189.dat
2009-05-16 14:58 . 2009-05-16 14:57 104952 ----a-w c:\windows\system32\dllcache\userinit.exe
2009-05-15 23:57 . 2009-05-15 23:57 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\TMInc
2009-05-15 23:57 . 2009-05-15 23:57 -------- d-----w c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-05-15 23:55 . 2009-05-15 23:55 -------- d-----w c:\program files\Viva Media
2009-05-15 23:47 . 2009-05-15 23:52 -------- d-----w c:\program files\Mystery Case Files - Ravenhearst
2009-05-15 23:46 . 2009-05-15 23:52 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-05-15 23:46 . 2009-05-15 23:46 -------- d-----w c:\program files\bfgclient
2009-05-10 05:19 . 2006-09-29 17:24 217127 ----a-w c:\windows\system32\drv43260.dll
2009-05-10 05:19 . 2006-09-29 17:25 208935 ----a-w c:\windows\system32\drv33260.dll
2009-05-10 05:19 . 2006-09-29 17:26 176165 ----a-w c:\windows\system32\drv23260.dll
2009-05-10 05:02 . 2009-05-10 05:08 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\CopyToDvd
2009-05-09 14:32 . 2009-05-09 14:32 -------- d-----w c:\program files\GameSpy Arcade
2009-05-09 14:31 . 2009-05-09 14:31 -------- d-----w c:\program files\ValuSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 10:37 . 2007-02-13 10:34 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-20 10:08 . 2006-05-25 22:13 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-20 09:59 . 2004-08-10 04:00 182656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-05-19 17:39 . 2007-02-21 09:40 1442 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-05-19 08:52 . 2006-07-18 09:22 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-18 14:09 . 2009-05-18 14:09 1 ----a-w c:\windows\system32\2E.tmp
2009-05-18 14:09 . 2009-05-18 14:09 84 ----a-w c:\windows\system32\2C.tmp
2009-05-17 21:13 . 2006-07-06 19:37 102400 ----a-w c:\windows\DUMP4a38.tmp
2009-05-17 19:23 . 2009-05-17 19:23 1 ----a-w c:\windows\system32\28.tmp
2009-05-17 19:23 . 2009-05-17 19:23 84 ----a-w c:\windows\system32\26.tmp
2009-05-17 15:41 . 2006-07-06 19:37 102400 ----a-w c:\windows\DUMP4d45.tmp
2009-05-17 08:14 . 2009-05-17 08:14 1 ----a-w c:\windows\system32\24.tmp
2009-05-17 08:14 . 2009-05-17 08:14 84 ----a-w c:\windows\system32\16.tmp
2009-05-16 19:14 . 2009-05-16 19:14 1 ----a-w c:\windows\system32\23.tmp
2009-05-16 19:14 . 2009-05-16 19:13 84 ----a-w c:\windows\system32\22.tmp
2009-05-16 16:36 . 2009-05-16 16:36 1 ----a-w c:\windows\system32\1F.tmp
2009-05-16 16:36 . 2009-05-16 16:35 84 ----a-w c:\windows\system32\1E.tmp
2009-05-16 14:57 . 2004-08-10 04:00 104952 ----a-w c:\windows\system32\userinit.exe
2009-05-16 07:22 . 2006-07-13 08:42 -------- d-----w c:\program files\World of Warcraft
2009-05-16 07:05 . 2008-02-13 20:25 -------- d-----w c:\program files\vso
2009-05-15 23:46 . 2009-05-15 23:46 0 ----a-w c:\program files\temp01
2009-05-09 14:31 . 2006-05-25 21:52 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-14 17:54 . 2007-04-24 08:36 -------- d-----w c:\program files\DVD Shrink
2009-04-14 17:52 . 2009-04-14 17:52 -------- d-----w c:\program files\DVDFab 5
2009-03-06 14:22 . 2004-08-10 04:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-10 04:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-10 04:00 78336 ----a-w c:\windows\system32\ieencode.dll
.

------- Sigcheck -------

[-] 2004-08-10 04:00 14336 12E21FB7C1B2FB114D18144D48171254 c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-14 00:12 14336 2229944D88BDEC8A3662B35178FAF79B c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 14336 2229944D88BDEC8A3662B35178FAF79B c:\windows\system32\svchost.exe

[-] 2008-04-14 00:12 1033728 0B6D1B1EA5A88F45CF386A5D1E7CE861 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 82EB4C6CC743452EAEBF03524608482A c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-10 04:00 1032192 CD20E772CC0981DF00428F6D878CEF01 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2004-08-10 04:00 15360 54AFBB13AD4260F47E4DB0926A18D1C1 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 00:12 15360 947BE74FC30ABF210893A8C54E4B3498 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 00:12 15360 947BE74FC30ABF210893A8C54E4B3498 c:\windows\system32\ctfmon.exe

[-] 2005-06-11 00:17 57856 6F57D45661354BC9EA2243EE4095A0BB c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 966891E98B02BD94ADA10934AF6F2AE0 c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-10 04:00 57856 A6139132F5B6FAA898DC08DAF301A9A4 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 00:12 57856 8B95D396DA7F92BED9FB87D6E6C2A50B c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12 57856 8B95D396DA7F92BED9FB87D6E6C2A50B c:\windows\system32\spoolsv.exe

[-] 2004-08-10 04:00 24576 2EE15FC0AAA54332EC98E47A257DD7C3 c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 00:12 26112 155D4882924F034A7986376E787F6D3F c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-05-16 14:57 104952 727E5D6A59FC369F7E7328BC6B971600 c:\windows\system32\userinit.exe
[-] 2009-05-16 14:57 104952 727E5D6A59FC369F7E7328BC6B971600 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9554274]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-24 77824]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=c:\windows\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Schedule"=2 (0x2)
"InCDsrvR"=2 (0x2)
"InCDsrv"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"WmdmPmSN"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"3776:UDP"= 3776:UDP:Media Center Extender Service

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/9/2007 3:09 PM 55024]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [6/16/2008 2:45 PM 70016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [8/30/2007 3:03 PM 112688]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
R3 st3bus28;st3bus28;c:\windows\system32\drivers\st3bus28.sys [12/28/2002 1:16 PM 8416]
R3 st3mp28;st3mp28;c:\windows\system32\drivers\st3mp28.sys [12/28/2002 1:16 PM 95328]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [7/20/2007 6:40 PM 84992]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [6/22/2007 4:33 PM 7548]
S3 USB200M;Linksys USB 2.0 Network Adapter ver.2;c:\windows\system32\drivers\USB200M2.sys [1/26/2007 6:28 AM 18048]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/24/2008 7:35 AM 24576]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 6:12 PM 14032]

--- Other Services/Drivers In Memory ---

*Deregistered* - SASDIFSV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2007-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2006-12-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]

2006-10-28 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-09-07 05:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\p8e0l6qy.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 14:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(18968)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\mshtml.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-20 14:12
ComboFix-quarantined-files.txt 2009-05-20 18:11
ComboFix2.txt 2009-05-20 10:13
ComboFix3.txt 2008-06-24 19:34
ComboFix4.txt 2008-02-18 12:41

Pre-Run: 40,697,593,856 bytes free
Post-Run: 40,687,513,600 bytes free

235 --- E O F --- 2009-05-13 18:51