
malware from free gaming sites


  • This topic is locked
40 replies to this topic

#1 supercool1


Posted 18 February 2009 - 12:35 AM

My kids have been going to free game sites and now I have a lot of pop-ups.
I run Kaspersky and it found type_32 virus, then started quarantining my exe file. Now I can't even run in regular mode because my desktop is blank. I'm using safe mode.
Here is my log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:12 AM, on 18/02/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\wxyz.com.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\ESTsoft\ALZip\ALZip.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ac8f6e71] rundll32.exe "C:\WINDOWS\system32\whfeierk.dll",b
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\steven\Application Data\cogad\cogad.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll
O20 - AppInit_DLLs: efimjf.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
O24 - Desktop Component 0: (no name) - http://www.allaboutpromos.com/product_images/h/346small.jpg

--
End of file - 9408 bytes



#2 fenzodahl512


Posted 18 February 2009 - 06:32 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply. Post each log in a separate post.

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 supercool1


Posted 19 February 2009 - 11:08 PM

The Malwarebytes is crashing a lot; here are the other reports.
Why can't I see my desktop in a normal logon but I can see it in safe mode?

Attached Files

  • Attached File  info.txt   54.48KB   24 downloads
  • Attached File  log.txt   70.32KB   27 downloads


#4 supercool1


Posted 19 February 2009 - 11:13 PM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-19 22:54:42
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

Code F7688F92 ZwCreateDirectoryObject
Code F7688D47 ZwCreateFile
Code F76890E2 ZwCreateKey
Code F768924A ZwCreateSection
Code F7689D62 ZwEnumerateKey
Code F76899FB ZwEnumerateValueKey
Code 8ACC4D10 ZwFlushInstructionCache
Code F768A5D5 ZwLoadDriver
Code F768903A ZwOpenDirectoryObject
Code F7688ED8 ZwOpenFile
Code F76891A2 ZwOpenKey
Code F768930A ZwOpenSection
Code F76893B2 ZwOpenSymbolicLinkObject
Code F768A6B8 ZwQueryDirectoryFile
Code F7689680 ZwQueryDirectoryObject
Code F768A091 ZwQueryValueKey
Code F7688E12 IoCreateFile
Code F7688E88 IoCreateStreamFileObject
Code BAB83323 pIofCallDriver
Code F7688D46 NtCreateFile
Code F7689249 NtCreateSection
Code F7688ED7 NtOpenFile
Code F768A6B7 NtQueryDirectoryFile
Code F7688FE4 ZwCreateDirectoryObject
Code F7688DA5 ZwCreateFile
Code F7689140 ZwCreateKey
Code F76892A8 ZwCreateSection
Code F7689EF6 ZwEnumerateKey
Code F7689BA9 ZwEnumerateValueKey
Code F768A643 ZwLoadDriver
Code F768908C ZwOpenDirectoryObject
Code F7688F33 ZwOpenFile
Code F76891F4 ZwOpenKey
Code F768935C ZwOpenSection
Code F7689404 ZwOpenSymbolicLinkObject
Code F768A764 ZwQueryDirectoryFile
Code F768983A ZwQueryDirectoryObject
Code F768A212 ZwQueryValueKey

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwCreateDirectoryObject 804E352A 5 Bytes JMP F7688FE9
.text ntoskrnl.exe!ZwCreateFile 804E3566 5 Bytes JMP F7688DAA
.text ntoskrnl.exe!ZwCreateKey 804E35B6 5 Bytes JMP F7689145
.text ntoskrnl.exe!ZwCreateSection 804E366A 5 Bytes JMP F76892AD
.text ntoskrnl.exe!ZwEnumerateKey 804E380E 5 Bytes JMP F7689EFB
.text ntoskrnl.exe!ZwEnumerateValueKey 804E3836 5 Bytes JMP F7689BAE
.text ntoskrnl.exe!ZwLoadDriver 804E3A16 5 Bytes JMP F768A648
.text ntoskrnl.exe!ZwOpenDirectoryObject 804E3B56 5 Bytes JMP F7689091
.text ntoskrnl.exe!ZwOpenFile 804E3B92 5 Bytes JMP F7688F38
.text ntoskrnl.exe!ZwOpenKey 804E3BCE 5 Bytes JMP F76891F9
.text ntoskrnl.exe!ZwOpenSection 804E3C46 5 Bytes JMP F7689361
.text ntoskrnl.exe!ZwOpenSymbolicLinkObject 804E3C6E 5 Bytes JMP F7689409
.text ntoskrnl.exe!ZwQueryDirectoryFile 804E3DD6 5 Bytes JMP F768A769
.text ntoskrnl.exe!ZwQueryDirectoryObject 804E3DEA 5 Bytes JMP F768983F
.text ntoskrnl.exe!ZwQueryValueKey 804E4056 5 Bytes JMP F768A217
PAGE ntoskrnl.exe!NtCreateSection 8056DB66 7 Bytes JMP F768924E
PAGE ntoskrnl.exe!ZwOpenKey 80572BF4 5 Bytes JMP F76891A6
PAGE ntoskrnl.exe!ZwOpenKey + 7 80572BFB 1 Byte [ 11 ]
PAGE ntoskrnl.exe!ZwQueryValueKey 80573037 7 Bytes JMP F768A095
PAGE ntoskrnl.exe!ZwCreateKey 8057791D 1 Byte [ E9 ]
PAGE ntoskrnl.exe!ZwCreateKey + 2 8057791F 3 Bytes [ 17, 11, 77 ]
PAGE ntoskrnl.exe!ZwCreateKey + 7 80577924 1 Byte [ A9 ]
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 7 Bytes JMP F7689D66
PAGE ntoskrnl.exe!ZwOpenSection 8057A8AD 7 Bytes JMP F768930E
PAGE ntoskrnl.exe!IoCreateFile 8057C2C6 5 Bytes JMP F7688E17
PAGE ntoskrnl.exe!NtCreateFile 8057C328 5 Bytes JMP F7688D4B
PAGE ntoskrnl.exe!NtOpenFile 8057C49C 5 Bytes JMP F7688EDC
PAGE ntoskrnl.exe!NtQueryDirectoryFile 80581E61 5 Bytes JMP F768A6BC
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80587693 7 Bytes JMP F76899FF
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587BFB 5 Bytes JMP 8ACC4D14
PAGE ntoskrnl.exe!ZwOpenSymbolicLinkObject 8058A039 7 Bytes JMP F76893B6
PAGE ntoskrnl.exe!ZwOpenDirectoryObject 8058A0B6 7 Bytes JMP F768903E
PAGE ntoskrnl.exe!ZwQueryDirectoryObject 8058FA6A 7 Bytes JMP F7689684
PAGE ntoskrnl.exe!ZwLoadDriver 805A8F96 7 Bytes JMP F768A5D9
PAGE ntoskrnl.exe!ZwCreateDirectoryObject 805A976B 7 Bytes JMP F7688F96
PAGE ntoskrnl.exe!IoCreateStreamFileObject 805CCF54 5 Bytes JMP F7688E8D
.text fltmgr.sys!FltReadFile F7431B1A 5 Bytes JMP F768A572

---- User code sections - GMER 1.0.14 ----

.reloc C:\WINDOWS\Explorer.EXE[1104] C:\WINDOWS\Explorer.EXE section is executable [0x010FB000, 0x8800, 0xE2000060]
.reloc C:\WINDOWS\Explorer.EXE[1104] C:\WINDOWS\Explorer.EXE entry point in ".reloc" section [0x0110288A]
.text C:\WINDOWS\Explorer.EXE[1104] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\Explorer.EXE[1104] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\Explorer.EXE[1104] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\Explorer.EXE[1104] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\Explorer.EXE[1104] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\Explorer.EXE[1104] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 51981CE2 C:\PROGRA~1\DVDREG~2\DVDShell.dll (DVD Region-Free Shell Module/Fengtao Software Inc.)
.text C:\WINDOWS\system32\winlogon.exe[1140] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\winlogon.exe[1140] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\winlogon.exe[1140] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\winlogon.exe[1140] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\winlogon.exe[1140] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\services.exe[1184] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\services.exe[1184] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\services.exe[1184] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\services.exe[1184] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\services.exe[1184] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\lsass.exe[1200] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FF93E1B
.text C:\WINDOWS\system32\lsass.exe[1200] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FF93EAA
.text C:\WINDOWS\system32\lsass.exe[1200] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FF93EB7
.text C:\WINDOWS\system32\lsass.exe[1200] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FF93EA0
.text C:\WINDOWS\system32\lsass.exe[1200] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FF93EF8
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
? C:\WINDOWS\System32\svchost.exe[1388] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[1388] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\System32\svchost.exe[1388] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\System32\svchost.exe[1388] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\System32\svchost.exe[1388] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\System32\svchost.exe[1388] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
? C:\WINDOWS\System32\svchost.exe[1396] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
? C:\WINDOWS\System32\svchost.exe[1404] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[1404] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\System32\svchost.exe[1404] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\System32\svchost.exe[1404] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\System32\svchost.exe[1404] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\System32\svchost.exe[1404] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\System32\svchost.exe[1768] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\System32\svchost.exe[1768] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\System32\svchost.exe[1768] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\System32\svchost.exe[1768] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\System32\svchost.exe[1768] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\System32\svchost.exe[1932] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\System32\svchost.exe[1932] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\System32\svchost.exe[1932] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\System32\svchost.exe[1932] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\System32\svchost.exe[1932] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\16.tmp[2240] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\16.tmp[2240] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\16.tmp[2240] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\16.tmp[2240] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\16.tmp[2240] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\svchost.exe[2408] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\svchost.exe[2408] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\svchost.exe[2408] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\svchost.exe[2408] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\svchost.exe[2408] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\system32\taskmgr.exe[3776] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\taskmgr.exe[3776] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\taskmgr.exe[3776] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\taskmgr.exe[3776] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\taskmgr.exe[3776] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\TEMP\VRTA.tmp[4064] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\TEMP\VRTA.tmp[4064] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\TEMP\VRTA.tmp[4064] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\TEMP\VRTA.tmp[4064] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\TEMP\VRTA.tmp[4064] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
? C:\WINDOWS\System32\svchost.exe[4260] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
.text C:\WINDOWS\System32\svchost.exe[4260] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\System32\svchost.exe[4260] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\System32\svchost.exe[4260] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\System32\svchost.exe[4260] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\System32\svchost.exe[4260] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A17C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A18BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] WININET.dll!InternetCloseHandle 7805DA59 5 Bytes JMP 00A7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] WININET.dll!HttpOpenRequestA 78064341 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] WININET.dll!InternetConnectA 7806499A 5 Bytes JMP 00A5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] WININET.dll!InternetConnectW 78065B88 5 Bytes JMP 00A6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] WININET.dll!HttpOpenRequestW 78065D62 5 Bytes JMP 00D6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 00CE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] WININET.dll!InternetQueryDataAvailable 7806ADF5 5 Bytes JMP 00CD000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] WININET.dll!HttpSendRequestA 7806CD40 5 Bytes JMP 00D3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] WININET.dll!InternetSetStatusCallback 7807288F 5 Bytes JMP 00D1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] WININET.dll!HttpSendRequestW 78080825 5 Bytes JMP 00D4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] WININET.dll!InternetReadFileExW 78082AAA 5 Bytes JMP 00D0000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] WININET.dll!InternetReadFileExA 78082AE2 5 Bytes JMP 00CF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4828] WININET.dll!InternetSetStatusCallbackW 780BB098 5 Bytes JMP 00D2000A
.text C:\WINDOWS\system32\ctfmon.exe[4932] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\system32\ctfmon.exe[4932] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\system32\ctfmon.exe[4932] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\system32\ctfmon.exe[4932] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\system32\ctfmon.exe[4932] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\System32\reader_s.exe[5216] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\System32\reader_s.exe[5216] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\System32\reader_s.exe[5216] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\System32\reader_s.exe[5216] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\System32\reader_s.exe[5216] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
? C:\WINDOWS\System32\svchost.exe[5956] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
.text C:\WINDOWS\System32\svchost.exe[5956] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\System32\svchost.exe[5956] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\System32\svchost.exe[5956] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\System32\svchost.exe[5956] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\System32\svchost.exe[5956] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[51768] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[51768] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[51768] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[51768] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[51768] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\ESTsoft\ALZip\ALZip.exe[117696] ntdll.dll!NtCreateFile 7C90D090 5 Bytes CALL 7FFA3E1B
.text C:\Program Files\ESTsoft\ALZip\ALZip.exe[117696] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes CALL 7FFA3EAA
.text C:\Program Files\ESTsoft\ALZip\ALZip.exe[117696] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes CALL 7FFA3EB7
.text C:\Program Files\ESTsoft\ALZip\ALZip.exe[117696] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Program Files\ESTsoft\ALZip\ALZip.exe[117696] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8
.text C:\Program Files\ESTsoft\ALZip\ALZip.exe[117696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 51981CE2 C:\PROGRA~1\DVDREG~2\DVDShell.dll (DVD Region-Free Shell Module/Fengtao Software Inc.)
.text C:\Documents and Settings\steven\Local Settings\Temp\_AZTMP6_\gmer.exe[132420] ntdll.dll!NtOpenFile 7C90D580 5 Bytes CALL 7FFA3EA0
.text C:\Documents and Settings\steven\Local Settings\Temp\_AZTMP6_\gmer.exe[132420] ntdll.dll!NtQueryInformationProcess 7C90D7E0 5 Bytes CALL 7FFA3EF8

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 028001C7
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 9FE90043
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 5600017E
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [00430280] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 017E91E8
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 7EC3E856
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 5D10C483
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 018569E8
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 01B7E3E8
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 60E8F075
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 8300017D
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 8C06C70C
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E8004302
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001DD8
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 95E8C68B
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C20001B8
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 028C06C7
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] EEE80043
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000022
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] F3E95ECE
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 8300017D
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 72102479
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 10418B04
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 10418DC3
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] F18B56C3
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] FFFFCDE8
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 07740108
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 7E0FE856
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 9801C700
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] E9004302
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFFFAE
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] C7F18B56
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 43029806
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] FFA0E800
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 44F6FFFF
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 74010824
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] E2E85607
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 5900017D
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] C25EC68B
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 046A0004
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 42DBD9B8
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] B73AE800
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] F18B0001
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8BF07589
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 00017D2A
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 570CC783
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] C70C4E8D
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 43028C06
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 1D2AE800
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C68B0000
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 01B7E7E8
IAT C:\WINDOWS\System32\svchost.exe[1388] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0004C200
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 028001C7
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 9FE90043
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 5600017E
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [00430280] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 017E91E8
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 7EC3E856
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 5D10C483
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 018569E8
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 01B7E3E8
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 60E8F075
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 8300017D
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 8C06C70C
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E8004302
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001DD8
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 95E8C68B
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C20001B8
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 028C06C7
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] EEE80043
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000022
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] F3E95ECE
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 8300017D
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 72102479
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 10418B04
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 10418DC3
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] F18B56C3
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] FFFFCDE8
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 07740108
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 7E0FE856
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 9801C700
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] E9004302
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFFFAE
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] C7F18B56
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 43029806
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] FFA0E800
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 44F6FFFF
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 74010824
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] E2E85607
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 5900017D
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] C25EC68B
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 046A0004
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 42DBD9B8
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] B73AE800
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] F18B0001
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8BF07589
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 00017D2A
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 570CC783
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] C70C4E8D
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 43028C06
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 1D2AE800
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C68B0000
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 01B7E7E8
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0004C200
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 028001C7
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 9FE90043
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 5600017E
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [00430280] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 017E91E8
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 7EC3E856
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 5D10C483
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 018569E8
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 01B7E3E8
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 60E8F075
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 8300017D
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 8C06C70C
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E8004302
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001DD8
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 95E8C68B
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C20001B8
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 028C06C7
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] EEE80043
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000022
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] F3E95ECE
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 8300017D
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 72102479
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 10418B04
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 10418DC3
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] F18B56C3
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] FFFFCDE8
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 07740108
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 7E0FE856
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 9801C700
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] E9004302
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFFFAE
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] C7F18B56
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 43029806
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] FFA0E800
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 44F6FFFF
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 74010824
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] E2E85607
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 5900017D
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] C25EC68B
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 046A0004
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 42DBD9B8
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] B73AE800
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] F18B0001
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8BF07589
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 00017D2A
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 570CC783
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] C70C4E8D
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 43028C06
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 1D2AE800
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C68B0000
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 01B7E7E8
IAT C:\WINDOWS\System32\svchost.exe[1404] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0004C200
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DDE9E4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD6A9F] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DD6FEF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DDD757] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DE5196] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DE4312] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DD7AAB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77DDEAD7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77DE4280] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77DD6C17] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77DD7842] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [7C80D2F2] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C809AE1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C812F06] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C813123] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C80DE85] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C801E1A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C80B55F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C8449FD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C863E6A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C80B731] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C80BA61] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C92ABA5] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C838E00] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C80CD38] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C838A24] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C80A520] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C81CAFA] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C80BE91] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C8101A1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C812FAD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C81126A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C802530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C8106C7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C80A0CB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C83089D] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C80E9CF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C802446] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C809BD7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C80EAAB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C9010E0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C901000] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C809F81] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C80BE46] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C80981E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C80932E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C834D59] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C830D64] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C80A864] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C80BB31] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C809832] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C814B82] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C83290F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C802213] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C809B02] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C8021D0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C839725] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C80236B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C8024B7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C90FE01] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C810E17] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C80A164] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C809A99] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C809C88] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C80AA5C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C80AA26] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C80BAF4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C812C46] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C9100A4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C919B80] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C809E91] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C90FF0D] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[4260] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C8097B8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DDE9E4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD6A9F] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DD6FEF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DDD757] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DE5196] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DE4312] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DD7AAB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77DDEAD7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77DE4280] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77DD6C17] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77DD7842] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [7C80D2F2] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C809AE1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C812F06] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C813123] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C80DE85] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C801E1A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C80B55F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C812FC9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C8449FD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C8097D0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C80B731] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C80BA61] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C92ABA5] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C838E00] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C80CD38] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C838A24] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C80A520] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C81CAFA] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C80BE91] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8101A1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C812FAD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C81126A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C802530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C8106C7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C80A0CB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C83089D] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C80E9CF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C802446] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C809BD7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C80EAAB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C9010E0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C901000] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C809F81] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C80A0A7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C80981E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C834D59] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C830D64] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C80932E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C80BB31] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C809832] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C814B82] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C83290F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C863AA9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C802213] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C809B02] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C8021D0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C839725] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C80236B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C8024B7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C90FE01] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C810E17] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C8107F0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C810FC2] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C80A164] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C809A99] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C809C88] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C812A99] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C80AA5C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C80AA26] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C80BAF4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C812C46] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[5956] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C9100A4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A21C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A14E] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139B0C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A18E] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [61138F3A] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A21C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A14E] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139B0C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A18E] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [61138F3A] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A1CE] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A21C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A18E] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A14E] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139B0C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139723] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139723] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138E7D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61138E01] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61138E3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [61138F3A] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A14E] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A18E] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139B0C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A21C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6113A1CE] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61138F78] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138E3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61139723] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138E7D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139723] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61138F40] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138E01] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6113A14E] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[51444] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [61139B0C] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.14 ----

Device \Driver\NDIS \Device\Ndis [8B318984] NDIS.sys[.reloc]
Device \Driver\hopdxery \Device\SAMPLEDEV35 F7688416

---- Modules - GMER 1.0.14 ----

Module \systemroot\system32\drivers\senekauwiwwosp.sys (*** hidden *** ) BAB81000-BABA8000 (159744 bytes)
Module blqdzjjw.sys (*** hidden *** ) F7687000-F7690000 (36864 bytes)

---- Processes - GMER 1.0.14 ----

Process hidden process (*** hidden *** ) 1040
Process hidden process (*** hidden *** ) 1348
Process hidden process (*** hidden *** ) 4944
Process hidden process (*** hidden *** ) 4956
Process hidden process (*** hidden *** ) 52160

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage@ProductFiles 978388069
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage@GrooveFiles 978387389
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109AB0090400000000000F01FEC\Usage@GrooveFilesIntl_1033 978387390
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Vbox\Licenses\CorelDRAW\xae Graphics Suite_11_D639.lic 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Vbox\Licenses\CorelDRAW\xae Graphics Suite_11_D639.prf 2
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...

---- EOF - GMER 1.0.14 ----

#5 supercool1

Posted 19 February 2009 - 11:34 PM

malware scan

Attached Files



#6 fenzodahl512

Posted 20 February 2009 - 06:32 AM

This is an important step.. Tell me whether you successfully uploaded the file or not.. Please zip it first before sending it to the upload channel..

Please show hidden files and folders

Please visit this site and upload the files below.. At the comment section, just say "fenzodahl512 asked to upload the file"

C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\TEMP\VRTA.tmp
C:\WINDOWS\system32\16.tmp





NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Edited by fenzodahl512, 20 February 2009 - 03:08 PM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 fenzodahl512

Posted 20 February 2009 - 03:10 PM

Hello.. Please take note that I've edited my post above.. Thank you :thumbup2:



#8 supercool1

Posted 22 February 2009 - 12:09 AM

i found my explore.exe in the servicepackfiles and copied it to windows folder now i see desktop again

Edited by supercool1, 22 February 2009 - 12:48 AM.


#9 fenzodahl512

Posted 22 February 2009 - 02:50 AM

Good for you.. Please proceed with the previous step :thumbup2:



#10 supercool1

Posted 22 February 2009 - 09:33 AM

thanks
i got a real mess going on
Good luck

Attached Files



#11 fenzodahl512

Posted 22 February 2009 - 04:19 PM

IMPORTANT!! Please read quote below.. It's important!!

Delete your version of ComboFix from your computer.. I suspect that you have Virut virus in the computer..


Some info about Virut.. It infects ALL executable files, in each and every partition the computer has, including any files inside the thumbdrive and external hard disk that has been used with that computer...


Ok.. Looking at ComboFix log, I would advise you to start backing up all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installer and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files... We are looking for possible Virut or Sality infection, and if it is.. Then you might have to wipe the machine clean..

Make sure you back-up everything ONLY via CD or DVD (non-rewritable)




But let's do this first.. (after you backup all important stuff)...



Please download Dr.Web CureIt to the Desktop:
  • Double-click the launch.exe or cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit. Reboot your PC in Normal Mode, and post DrWeb.csv in your next reply (Open it with Notepad)
NEXT


Please do this step before you sleep or when you don't use the computer as it will take quite a while..

Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.
When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Post me these logs in your next reply..

1. Dr.Web
2. Kaspersky Online Scanner

Edited by fenzodahl512, 22 February 2009 - 04:20 PM.



#12 supercool1

Posted 22 February 2009 - 05:59 PM

oh boy! should i use a pc backup program to save pic and movie? i have Acronis True Image 2009 software and i never installed it yet
i got a lot of pic and movies on 3 drives do i need to backup all drives or just c drive

#13 fenzodahl512

Posted 23 February 2009 - 09:54 AM

i got a lot of pic and movies on 3 drives do i need to backup all drives or just c drive


backup everything in the hard drive.. not just C:\ drive, because when it comes to Virut, (if it is indeed Virut), you might have to wipe clean the whole hard disk (all partitions)..

Never use any thumbdrive/external hard drive, use just CD/DVD... If you really need to backup with an external hard drive, make sure it is empty first, as a single .exe file can infect other machines, risking a reformat of those other machines as well...


But please do as per my previous instruction first :thumbup2:



#14 supercool1

Posted 23 February 2009 - 10:23 PM

kaspersky is telling me i dont have the latest ver of java to run its program and even when i try to update the download says the admin. is not allowing permission to install
i do have ver. 6 and 1.6 plug in already installed
the web is telling me i dont have permission to upload the dr. web.csv file
the report list has 2054 .exe files showing cured
AM I DOOMED TO CRASH?!
will it infect my pic. mpegs jpegs files i have 2 other harddrive connected will the virus go there?
please advise how to upload the file
plz advise how to get the kaspersky online to run
thanx

Edited by supercool1, 23 February 2009 - 11:13 PM.


#15 fenzodahl512

Posted 24 February 2009 - 06:39 AM

will it infect my pic. mpegs jpegs files i have 2 other harddrive connected will the virus go there?


pictures and movies should be good.. how many hard disks do you have in the computer?.. Have you backed up all the data first?.. Do you have a Windows CD?.. I'm thinking of having an online scan that is invasive but you might need to do some repair install later.. So, first of all, I need your confirmation that you have your data/pictures/movies/documents/songs backed-up first..

My primary concern is those files with .exe, .scr, .zip, .rar, .htm, .html, .xml extension.. Do NOT backup any files with those extension.. Meaning, do NOT backup any saved websites, any installer, any applications, any zip or rar files, any screen saver... Just find an external hard drive, empty it first (format the external hard drive) and do backup from there..


Please tell me first you have done the backup and then we'll try to disinfect the Virut infection if it is still in the computer :thumbup2:

the web is telling me i dont have permission to upload the dr. web.csv file
the report list has 2054 .exe files showing cured


Well, that's what Dr.Web showed, we need to do online scan to make sure Dr.Web got it all cured and the infection doesn't come back..


Let's worry about Dr.Web report later... Do the backup first and then we'll do another online scan.. Also please find a Windows CD, we might need it later :)

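The backup rule given in the posts above (copy personal data, leave out .exe/.scr/.htm/.html/.xml/.zip/.rar files) written as a script. This is an added example, not part of the thread or of any tool it mentions; the function names and the sample directory tree are constructed for illustration.

```python
import os
import shutil
import tempfile
from pathlib import Path

# Extensions the helper says NOT to back up (list taken from the posts above).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}


def is_blocked(path: Path) -> bool:
    """True if the file's final extension is on the do-not-back-up list.

    Only the last suffix counts, so 'beach.jpg.exe' is blocked and
    'notes.exe.txt' is not. The comparison is case-insensitive, and trailing
    dots and spaces are stripped first because Windows ignores them.
    """
    name = path.name.rstrip(". ")
    return Path(name).suffix.lower() in BLOCKED_EXTENSIONS


def copy_data_only(source: Path, destination: Path) -> dict:
    """Copy the tree under source to destination, leaving blocked files behind.

    Returns {"copied": [...], "skipped": [...]} with paths relative to source,
    so the skipped list can be reviewed before the disk is wiped.
    """
    report = {"copied": [], "skipped": []}
    for folder, dirnames, filenames in os.walk(source):
        dirnames.sort()  # deterministic traversal order
        for filename in sorted(filenames):
            src = Path(folder) / filename
            rel = src.relative_to(source).as_posix()
            # Symlinks are skipped too: their target may be a blocked file.
            if src.is_symlink() or is_blocked(src):
                report["skipped"].append(rel)
                continue
            target = destination / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, target)
            report["copied"].append(rel)
    return report


def demo() -> dict:
    """Run the copy over a constructed sample tree (not data from the thread)."""
    samples = ["pics/beach.jpg", "pics/beach.jpg.exe", "movies/clip.mpeg",
               "docs/letter.doc", "docs/notes.exe.txt", "docs/saved_page.HTML",
               "tools/Setup.EXE", "archive/old.zip"]
    with tempfile.TemporaryDirectory() as tmp:
        source, destination = Path(tmp) / "drive", Path(tmp) / "backup"
        for rel in samples:
            path = source / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample")
        report = copy_data_only(source, destination)
        report["on_disk"] = sorted(p.relative_to(destination).as_posix()
                                   for p in destination.rglob("*") if p.is_file())
    return report


if __name__ == "__main__":
    print(demo())
```

The filter works on file names only; it does not show that the copied files are clean.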




