Rootkit and Rogue-Full Description Inside


  • This topic is locked
20 replies to this topic

#1 alfasf


Posted 03 August 2009 - 06:56 AM

Hello to all,

This is my first entry to this forum, hoping to get a satisfactory and rapid response. The situation is the following: I have this Gateway MX6420 laptop that got infected by AntivirusPro 2009, which was a Rogue infection hard to remove, of which I still believe I have remnants. This infection manifested in the desktop blinking every 10-15 seconds, some Windows applications not running, networks being disabled, and Safe Mode not working properly, leaving a black screen. In addition to the Gateway laptop, I use an Emachines desktop that is well protected with McAfee full protection, SpywareBlaster, and SpywareGuard, and it hasn't had problems with malware.

Note: Since I didn't have Internet connections enabled at this phase, I had to download MalwareBytes and transfer it on my USB flash memory drive.

What did I do? After many attempts, I could solve it

1. I ran MalwareBytes in Safe Mode without installing library updates. Anyway, it ran and finally solved all my initial problems. Now I have a wireless connection on the laptop.

2. Immediately after I eliminated it through MalwareBytes, I wanted to protect it with the same utilities installed on my Emachines desktop, with a few changes. First I installed SpywareBlaster, which protects from installing malware. Second, I installed Avast instead of my licensed McAfee, and the next step was to install SpywareGuard. From here all the problems started again: Avast warned me many times with its noisy alert that Spyware brought spywares. I checked the delete option each time Avast warned me about malicious threats. Finally, in this step I installed CCleaner, aspiring to get the malware removed.

Problems I face now

1. Firefox 3.5 and Internet 8 got the homepage hijacked, changing to the following website: track.moreniche.com/hit.php?w=155970&s=147. It all indicates these are symptoms of a RootKit virus.

2. Since this moment I have been blocked from all valid virus protection and security websites such as Avast, AVG, McAfee, Spybot Search and Destroy, you get the idea. I cannot download their updates, their databases, etc. The worst thing is I cannot access Microsoft updates and website. However, I can surf other websites with no problem and at high speed in both IE8 and Firefox 3.5.

3. Avast went crazy with constant annoying alerts about such malware, but kept showing the same infected files even though I deleted them or sent them to the chest. Apparently Avast got corrupted by such Rootkit viruses.

Actions taken by me

1. I scanned with MalwareBytes in Safe Mode (this time working well and normally) and eliminated the results given, but at restart the problem of not accessing such websites still persisted.

2. I uninstalled Avast because of all the complications described above.

3. From my non-infected desktop PC I downloaded all kinds of valid anti-spyware and removal tools to boot on the laptop. Note: Some anti-spyware programs I had to run in their simple forms since I could not download library updates or access servers. All these anti-spyware runs always showed the same rootkit, rogues and other adware results, but when it came to fixing them, it never solved the blocked websites.

4. To rule out the possibility of firewalls, I proceeded to turn off Windows Firewall, but access to anti-virus servers was still blocked.

My interest is to be able to unblock these secured websites and install my licensed McAfee program, or another of really high standards, without having to reformat the hard drive and reinstall software. I want to do that only as a last resort.

Thanks for your help and for reading along this long description. Below I have attached the HJT log. If you need other logs, I can provide them as well on request.

Please, I would appreciate any prompt response.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:30:16, on 8/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] "C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" /logon
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5733 bytes

Edited by PropagandaPanda, 03 August 2009 - 10:20 AM.
Remove font size formatting




#2 DocSatan


Posted 03 August 2009 - 09:17 AM

Hello alfasf and Welcome to BleepingComputer.

I'm DocSatan and I will be helping you with your "Malware" related computer problems.

All these anti-spywares run always showed the same rootkit, rogues and other adware

  • Please tell me the names of the Rootkits, Rogues, and other Malware, if you can.
We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please Note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please post the above Scan Results (as instructed above), as well as any names of the rootkits, rogues, etc. that you may remember in a Reply to this Topic.


Additional Instructions:

1. Please TRACK this Topic

  • At the top of this thread (not the top of this web page) there is an Options button, right below the Add Reply and the New Topic buttons.
  • Click on Options
  • Then click on Track This Topic
  • Place a tick mark next to Immediate Email Notification
  • Then click on Proceed
  • You will now receive an e-mail as soon as a Reply is made to this Topic.
2. Do Not Make Any Changes to the "Infected" Computer.
Once you have posted a NEW DDS Log, Do Not make any changes to the computer. I will be researching the DDS Log that you post and any changes made to the system might interfere with the FIX that I prepare for you. Examples of "Changes":
  • Deleting Files/Folders
  • Installing/Uninstalling Programs
  • Running Anti-Virus, Anti-Malware, Anti-Spyware, etc., Programs
3. Please do not seek Help with this issue at another Computer Help Forum
  • While we are working together I must insist that you do not seek help with this matter at any other Help Forum.
  • Having multiple (more than one) Forums provide help for the same computer issue will result in confusion with preparing a Fix.
  • It is also not fair to the Volunteer who is helping you, as her/his time will be wasted trying to fix a computer that someone else is also trying to fix.
  • So, if you have posted at another Computer Help Forum for this same issue I would ask that you choose which Forum that you wish to stay with and inform the other Forum(s) that you no longer require their assistance.
4. Throughout the course of us working together, I will be posting step-by-step procedures for you to follow on your computer.
  • If at any time you do not fully understand what I have said, or you are not exactly sure what you are supposed to do, then please stop there and Post back to this topic and ask your questions. That way I will be able to more clearly explain the step/procedure and we won't have to worry about any steps being done incorrectly. :)

Doc.

#3 alfasf


Posted 03 August 2009 - 02:22 PM

Thank you for your guidance. I will respond in a couple of hours, so please do not delete this thread.

#4 alfasf


Posted 03 August 2009 - 08:32 PM

Hi DocSatan, thank you for your quick response, and I hope we can work it out together in this topic.

Let me tell you I have not installed any anti-virus on the laptop. I just disabled MalwareBytes, SuperAntiSpyware Free Edition, Spybot Search and Destroy - actually, real-time protection was disabled at the time of installation since no update databases were accessed from the server.

Some rogues identified by SuperAntiSpyware were Rogue.XP AntiSpyware2009-Trace, Rogue.Component/Trace, Adware.Jraun/WinEssential, Adware.Vundo/Variant, Rootkit.TDSServ-Trace. I still have the feeling some of them were completely removed.

Here is my DDS log. Again, thanks so much.

P.S I have not tasked any removal, more manual installation of files, extensions, programs. However, I have checked folders and registries, and some removed files keep reappearing.

EDIT: Now I finally remember the name of the webpage it was changed to: DIET WITHOUT HUNGER.url - no longer the homepage since I changed it in the browser options.




DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 18:22:47.60 on Mon 08/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.342 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner.YOUR-B42A913F06\reader_s.exe
C:\WINDOWS\TEMP\torA3.tmp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner.YOUR-B42A913F06\Application Data\cft\cft.exe
C:\Program Files\GetPrimo\GetPrimo.exe
C:\Documents and Settings\Owner.YOUR-B42A913F06\Application Data\Microsoft\Windows\ofypuegq.exe
C:\Documents and Settings\Owner.YOUR-B42A913F06\Application Data\digifast\digifast.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.YOUR-B42A913F06\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Power2GoExpress] NA
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [reader_s] c:\documents and settings\owner.your-b42a913f06\reader_s.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [CanonSolutionMenu] "c:\program files\canon\solutionmenu\CNSLMAIN.exe" /logon
mRun: [CanonMyPrinter] "c:\program files\canon\myprinter\BJMyPrt.exe" /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
dRun: [reader_s] c:\documents and settings\owner.your-b42a913f06\reader_s.exe
dRun: [Owner] c:\documents and settings\owner.your-b42a913f06\Owner.YOUR-B42A913F06.exe /i
dRun: [pridl] "c:\documents and settings\owner.your-b42a913f06\application data\pridl\pridl.exe" 61A847B5BBF72811329B385672FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
dRun: [cft] c:\documents and settings\owner.your-b42a913f06\application data\cft\cft.exe
dRun: [GetPrimo] c:\program files\getprimo\GetPrimo.exe
dRun: [DigiFast] c:\documents and settings\owner.your-b42a913f06\application data\digifast\digifast.exe
dRun: [SfKg6wIPuSpdc] c:\documents and settings\owner.your-b42a913f06\application data\microsoft\windows\ofypuegq.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\hgGXrstq

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.you\applic~1\mozilla\firefox\profiles\bnr67j3d.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\mozilla firefox\components\dfff.dll
FF - component: c:\program files\mozilla firefox\components\WWShow.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 119808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-25 45056]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-10-28 200576]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]
S2 amd64si;amd64si;c:\windows\system32\drivers\amd64si.sys [2004-8-3 40576]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5b.tmp --> c:\windows\system32\5B.tmp [?]
S3 PAC7311;VGA SoC PC-Camera;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752]

=============== Created Last 30 ================

2009-08-03 16:02 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\digifast
2009-08-03 15:57 <DIR> --d----- c:\program files\iPrimo
2009-08-03 15:57 <DIR> --d----- c:\program files\GetPrimo
2009-08-03 15:57 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\GetPrimo
2009-08-03 15:42 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\cft
2009-08-03 15:37 <DIR> --d----- c:\program files\WWShow
2009-08-03 15:32 <DIR> --d----- c:\program files\Jcore
2009-08-03 15:31 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\pridl
2009-08-03 15:31 41,456 ----h--- c:\documents and settings\owner.your-b42a913f06\Owner.YOUR-B42A913F06.exe
2009-08-03 05:26 182,656 ac------ c:\windows\system32\dllcache\ndis.sys
2009-08-03 05:26 55,808 a------- c:\windows\system32\reader_s.exe
2009-08-03 05:26 55,808 a------- c:\documents and settings\owner.your-b42a913f06\reader_s.exe
2009-08-03 00:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-03 00:14 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-03 00:14 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\SUPERAntiSpyware.com
2009-08-02 23:54 <DIR> --d----- c:\program files\Sophos
2009-08-02 23:04 2 a--shrot c:\windows\winstart.bat
2009-08-02 23:04 <DIR> --d----- c:\program files\UnHackMe
2009-08-02 18:00 0 a------- c:\windows\system32\nar.bin
2009-08-02 17:59 <DIR> --d----- c:\program files\common files\Motive
2009-08-02 17:52 6 a------- c:\windows\system32\_id.dat
2009-08-02 17:52 0 a------- c:\windows\system32\1E.tmp
2009-08-02 17:52 0 a------- c:\windows\system32\1D.tmp
2009-08-02 17:33 168 a------- c:\windows\system32\15.tmp
2009-08-02 17:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-08-02 06:40 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-02 06:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-02 06:29 <DIR> --d----- c:\program files\Safer Networking
2009-08-02 00:11 <DIR> --d----- c:\program files\SpywareGuard
2009-08-02 00:03 <DIR> --d----- c:\program files\SpywareBlaster
2009-08-01 23:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\15338904
2009-08-01 23:05 361,600 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-08-01 22:23 <DIR> --d----- c:\documents and settings\owner.your-b42a913f06\Tracing
2009-08-01 22:22 <DIR> --d----- c:\program files\Microsoft
2009-08-01 22:22 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-08-01 22:18 <DIR> --d----- c:\program files\common files\Windows Live
2009-08-01 20:42 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-08-01 20:42 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-08-01 20:42 73,728 a------- c:\windows\system32\PAStiSvc.exe
2009-08-01 20:42 91,136 ac------ c:\windows\system32\dllcache\kswdmcap.ax
2009-08-01 20:42 61,952 ac------ c:\windows\system32\dllcache\kstvtune.ax
2009-08-01 20:42 53,760 ac------ c:\windows\system32\dllcache\vfwwdm32.dll
2009-08-01 20:42 43,008 ac------ c:\windows\system32\dllcache\ksxbar.ax
2009-08-01 20:42 91,136 a------- c:\windows\system32\kswdmcap.ax
2009-08-01 20:42 61,952 a------- c:\windows\system32\kstvtune.ax
2009-08-01 20:42 53,760 a------- c:\windows\system32\vfwwdm32.dll
2009-08-01 20:42 43,008 a------- c:\windows\system32\ksxbar.ax
2009-08-01 20:41 <DIR> --d----- c:\windows\Pixart
2009-08-01 20:41 <DIR> --d----- c:\program files\PC VGA Camera
2009-08-01 20:41 <DIR> --d----- c:\program files\common files\PCCamera
2009-08-01 13:59 <DIR> --d----- c:\program files\iPod
2009-08-01 13:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-01 13:58 <DIR> --d----- c:\program files\Bonjour
2009-08-01 05:19 <DIR> --d----- c:\windows\system32\scripting
2009-08-01 05:19 <DIR> --d----- c:\windows\l2schemas
2009-08-01 05:19 <DIR> --d----- c:\windows\system32\en
2009-08-01 05:19 <DIR> --d----- c:\windows\system32\bits
2009-08-01 05:15 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-01 05:11 <DIR> --d----- c:\windows\network diagnostic
2009-08-01 04:48 <DIR> --dsh--- c:\documents and settings\owner.your-b42a913f06\PrivacIE
2009-08-01 04:47 <DIR> --dsh--- c:\documents and settings\owner.your-b42a913f06\IETldCache
2009-08-01 04:44 <DIR> --d----- c:\windows\ie8updates
2009-08-01 04:40 <DIR> -cd-h--- c:\windows\ie8
2009-08-01 04:39 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-08-01 04:35 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-08-01 04:35 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-01 04:35 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-01 04:35 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-01 04:35 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-08-01 04:34 101,376 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-08-01 04:28 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-08-01 04:28 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-08-01 04:28 236,032 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-08-01 04:22 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\Malwarebytes
2009-08-01 03:56 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-01 03:56 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-01 03:56 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 03:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-01 03:53 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-01 03:07 3,456 a------- c:\windows\system32\tmp.reg
2009-08-01 02:27 <DIR> --d----- c:\program files\CCleaner
2009-07-31 23:12 1,152 a------- c:\windows\system32\windrv.sys
2009-07-31 02:13 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\GetRightToGo
2009-07-31 01:10 3,794 a---h--- C:\aaw7boot.cmd
2009-07-31 00:15 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-07-19 18:48 11,067,392 -c------ c:\windows\system32\dllcache\ieframe.dll

==================== Find3M ====================

2009-08-03 05:29 40,576 a------- c:\windows\system32\drivers\amd64si.sys
2009-08-03 05:26 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-08-01 23:05 361,600 a------- c:\windows\system32\drivers\TCPIP.SYS
2009-08-01 05:23 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-31 06:47 94,208 a------- c:\windows\DUMPc44a.tmp
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 12:09 1,291,264 -------- c:\windows\system32\quartz.dll
2009-06-02 11:17 99,840 a------- c:\windows\system32\WS2Fix.exe
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2008-11-30 23:37 12,260 a------- c:\docume~1\owner~1.you\applic~1\wklnhst.dat

============= FINISH: 18:23:48.00 ===============

Edited by alfasf, 04 August 2009 - 12:07 AM.


#5 DocSatan


Posted 04 August 2009 - 10:55 AM

Hello alfasf,

1. Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

#6 DocSatan


Posted 04 August 2009 - 11:33 AM

Hello alfasf,

I'm afraid I have very bad news.

Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Other variants of virut can even penetrate and infect .exe files within compressed files (.zip, .cab, rar). Virux is an even more complex file infector which can embed an iframe into the body of web-related files and infect script files (.php, .asp, and .html). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer virut remains on a computer, the more critical system files will become infected and corrupt so the degree of infection can vary.

The virus disables Windows File Protection by injecting code into the "winlogon.exe" process that patches system code in memory.

CA Virus detail of W32/Virut

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.

McAfee Risk Assessment and Overview of W32/Virut

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damage caused to files by Virut it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-functional viral code present in these files.

AVG Overview of W32/Virut

This kind of infection is contracted and spread by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and an increasing source of system infection. However, the CA Security Advisor Research Blog says they have found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

There is no guarantee this infection can be completely removed. In some instances it may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:
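A triage sketch for the GMER user-mode scan requested earlier in this thread, tied to the two traits described above (modified .exe files and code patched in memory). This is an added example, not part of the original posts and not GMER's own code; the sample lines are constructed in the log format seen in this thread, and the function names and the "modified image" heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Section characteristic bits from the PE/COFF specification.
SECTION_FLAGS = [
    (0x00000020, "CODE"),
    (0x00000040, "INITIALIZED_DATA"),
    (0x20000000, "EXECUTE"),
    (0x40000000, "READ"),
    (0x80000000, "WRITE"),
]

# Constructed sample, in the format of the GMER log posted in this thread.
SAMPLE_LOG = r"""
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[216] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[216] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.rsrc C:\WINDOWS\system32\svchost.exe[592] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\system32\svchost.exe[592] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x0100A1EF]
.text C:\WINDOWS\system32\svchost.exe[592] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\svchost.exe[592] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FF948F4
.text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FF94979
? C:\WINDOWS\System32\svchost.exe[1316] number of sections mismatch; time/date stamp mismatch;
"""

PROC = r"(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
HOOK_RE = re.compile(
    r"^\.text\s+" + PROC + r"(?P<module>[\w.]+)!(?P<func>\w+)\s+[0-9A-Fa-f]{8}\s+"
    r"\d+ Bytes\s+(?:CALL|JMP)\s+(?P<target>[0-9A-Fa-f]{8})$")
SECTION_RE = re.compile(
    r"^(?P<section>\.\w+)\s+" + PROC + r".+? section is executable "
    r"\[0x(?P<base>[0-9A-Fa-f]+), 0x(?P<size>[0-9A-Fa-f]+), 0x(?P<flags>[0-9A-Fa-f]+)\]$")
ENTRY_RE = re.compile(
    r"^\.\w+\s+" + PROC + r'.+? entry point in "(?P<ep_section>[^"]+)" section '
    r"\[0x(?P<ep>[0-9A-Fa-f]+)\]$")
MISMATCH_RE = re.compile(r"^\?\s+" + PROC + r".*mismatch")


def decode_section_flags(flags):
    """Names of the known characteristic bits set in a section's flags."""
    return [name for bit, name in SECTION_FLAGS if flags & bit]


def parse_gmer(text):
    """Sort log lines into hooks, executable sections, entry points, mismatches."""
    hooks = defaultdict(dict)   # (image, pid) -> {"module!func": branch target}
    sections = {}               # (image, pid) -> (name, base, size, flags)
    entries = {}                # (image, pid) -> (section name, entry address)
    mismatches = set()          # (image, pid) whose header differs from the file
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HOOK_RE.match(line):
            key = (m["image"], int(m["pid"]))
            hooks[key][f"{m['module']}!{m['func']}"] = int(m["target"], 16)
        elif m := SECTION_RE.match(line):
            key = (m["image"], int(m["pid"]))
            sections[key] = (m["section"], int(m["base"], 16),
                             int(m["size"], 16), int(m["flags"], 16))
        elif m := ENTRY_RE.match(line):
            entries[(m["image"], int(m["pid"]))] = (m["ep_section"], int(m["ep"], 16))
        elif m := MISMATCH_RE.match(line):
            mismatches.add((m["image"], int(m["pid"])))
    return hooks, sections, entries, mismatches


def triage(text):
    """Summarise what the scan says about in-memory patches and modified images."""
    hooks, sections, entries, mismatches = parse_gmer(text)

    # Largest group of processes that carry exactly the same set of hooks.
    by_signature = defaultdict(list)
    for proc, funcs in hooks.items():
        by_signature[frozenset(funcs)].append(proc)
    signature, procs = max(by_signature.items(), key=lambda kv: len(kv[1]),
                           default=(frozenset(), []))

    # 64 KiB regions the patched calls branch into.
    regions = sorted({t & 0xFFFF0000 for f in hooks.values() for t in f.values()})

    # Heuristic (assumption): entry point inside a writable+executable section
    # that is not marked as code points to an image modified after it was built.
    modified = []
    for proc, (ep_section, ep) in entries.items():
        if proc not in sections:
            continue
        name, base, size, flags = sections[proc]
        bits = set(decode_section_flags(flags))
        if (name == ep_section and base <= ep < base + size
                and {"EXECUTE", "WRITE"} <= bits and "CODE" not in bits):
            modified.append(proc)

    return {
        "hooked_processes": len(hooks),
        "shared_hook_set": sorted(signature),
        "shared_by": len(procs),
        "target_regions": [f"0x{r:08X}" for r in regions],
        "modified_images": sorted(modified),
        "header_mismatch": sorted(mismatches),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Inline hooks on their own are also placed by legitimate security products, so the lines to read first are the identical hook set across unrelated processes and the system images whose entry point sits in a writable, executable data section.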

#7 alfasf


Posted 04 August 2009 - 12:56 PM

Here is Gmer results log.

Let me say that after connecting to Internet, I could not open any website at all, and when opening Firefox it brought many tabs in the browser.




GMER 1.0.15.15011 [x9l9v15x.exe] - http://www.gmer.net
Rootkit scan 2009-08-04 10:42:55
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 8633D500 pIofCallDriver

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[216] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[216] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[216] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[216] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[216] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[216] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\System32\wltrysvc.exe[284] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\System32\wltrysvc.exe[284] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\System32\wltrysvc.exe[284] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\System32\wltrysvc.exe[284] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\System32\wltrysvc.exe[284] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\System32\wltrysvc.exe[284] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\System32\bcmwltry.exe[296] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\System32\bcmwltry.exe[296] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\System32\bcmwltry.exe[296] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\System32\bcmwltry.exe[296] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\System32\bcmwltry.exe[296] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\System32\bcmwltry.exe[296] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\eHome\ehSched.exe[436] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\eHome\ehSched.exe[436] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\eHome\ehSched.exe[436] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\eHome\ehSched.exe[436] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\eHome\ehSched.exe[436] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\eHome\ehSched.exe[436] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\spoolsv.exe[448] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\ehome\ehtray.exe[552] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\ehome\ehtray.exe[552] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\ehome\ehtray.exe[552] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\ehome\ehtray.exe[552] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\ehome\ehtray.exe[552] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\ehome\ehtray.exe[552] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[560] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[560] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[560] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[560] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[560] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[560] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.rsrc C:\WINDOWS\system32\svchost.exe[592] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\system32\svchost.exe[592] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x0100A1EF]
.text C:\WINDOWS\system32\svchost.exe[592] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\svchost.exe[592] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\svchost.exe[592] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\svchost.exe[592] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\svchost.exe[592] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\svchost.exe[592] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[624] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[624] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[624] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[624] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[624] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[624] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\Bonjour\mDNSResponder.exe[636] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\Bonjour\mDNSResponder.exe[636] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\Bonjour\mDNSResponder.exe[636] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\Bonjour\mDNSResponder.exe[636] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\Bonjour\mDNSResponder.exe[636] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\Bonjour\mDNSResponder.exe[636] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\system32\WLTRAY.exe[644] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\WLTRAY.exe[644] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\WLTRAY.exe[644] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\WLTRAY.exe[644] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\WLTRAY.exe[644] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\WLTRAY.exe[644] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[652] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[652] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[652] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[652] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[652] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[652] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\eHome\ehRecvr.exe[700] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\eHome\ehRecvr.exe[700] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\eHome\ehRecvr.exe[700] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\eHome\ehRecvr.exe[700] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\eHome\ehRecvr.exe[700] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\eHome\ehRecvr.exe[700] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\Common Files\Motive\McciCMService.exe[704] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\Common Files\Motive\McciCMService.exe[704] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\Common Files\Motive\McciCMService.exe[704] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\Common Files\Motive\McciCMService.exe[704] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\Common Files\Motive\McciCMService.exe[704] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\Common Files\Motive\McciCMService.exe[704] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[716] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[716] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[716] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[716] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[716] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\Canon\MyPrinter\BJMyPrt.exe[716] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\system32\winlogon.exe[872] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\winlogon.exe[872] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\winlogon.exe[872] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\winlogon.exe[872] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\winlogon.exe[872] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\winlogon.exe[872] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\system32\services.exe[916] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\services.exe[916] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\services.exe[916] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\services.exe[916] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\services.exe[916] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\services.exe[916] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FF948F4
.text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FF94983
.text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FF94990
.text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FF94C14
.text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FF94979
.text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FF949D1
.text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[936] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[936] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[936] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[936] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[936] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[936] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\system32\Ati2evxx.exe[1092] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\Ati2evxx.exe[1092] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\Ati2evxx.exe[1092] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\Ati2evxx.exe[1092] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\Ati2evxx.exe[1092] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\Ati2evxx.exe[1092] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.rsrc C:\WINDOWS\system32\svchost.exe[1120] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\system32\svchost.exe[1120] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x0100A1EF]
.text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\QuickTime\QTTask.exe[1148] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\QuickTime\QTTask.exe[1148] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\QuickTime\QTTask.exe[1148] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\QuickTime\QTTask.exe[1148] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\QuickTime\QTTask.exe[1148] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\QuickTime\QTTask.exe[1148] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[1156] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[1156] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[1156] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[1156] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[1156] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[1156] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\system32\ctfmon.exe[1164] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\ctfmon.exe[1164] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\ctfmon.exe[1164] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\ctfmon.exe[1164] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\ctfmon.exe[1164] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\ctfmon.exe[1164] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.rsrc C:\WINDOWS\system32\svchost.exe[1228] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\system32\svchost.exe[1228] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x0100A1EF]
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\iTunes\iTunesHelper.exe[1292] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\iTunes\iTunesHelper.exe[1292] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\iTunes\iTunesHelper.exe[1292] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\iTunes\iTunesHelper.exe[1292] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\iTunes\iTunesHelper.exe[1292] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\iTunes\iTunesHelper.exe[1292] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[1300] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[1300] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[1300] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[1300] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[1300] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[1300] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
? C:\WINDOWS\System32\svchost.exe[1316] number of sections mismatch; time/date stamp mismatch;
.rsrc C:\WINDOWS\System32\svchost.exe[1316] C:\WINDOWS\System32\svchost.exe section is executable [0x00405000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\System32\svchost.exe[1316] C:\WINDOWS\System32\svchost.exe entry point in ".rsrc" section [0x0040A1EF]
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
? C:\WINDOWS\System32\svchost.exe[1332] number of sections mismatch; time/date stamp mismatch;
.rsrc C:\WINDOWS\System32\svchost.exe[1332] C:\WINDOWS\System32\svchost.exe section is executable [0x00405000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\System32\svchost.exe[1332] C:\WINDOWS\System32\svchost.exe entry point in ".rsrc" section [0x0040A1EF]
.text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\System32\reader_s.exe[1356] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\System32\reader_s.exe[1356] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\System32\reader_s.exe[1356] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\System32\reader_s.exe[1356] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\System32\reader_s.exe[1356] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\System32\reader_s.exe[1356] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.rsrc C:\WINDOWS\System32\svchost.exe[1396] C:\WINDOWS\System32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\System32\svchost.exe[1396] C:\WINDOWS\System32\svchost.exe entry point in ".rsrc" section [0x0100A1EF]
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[1416] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[1416] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[1416] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[1416] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[1416] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[1416] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
? C:\WINDOWS\System32\svchost.exe[1420] number of sections mismatch; time/date stamp mismatch;
.rsrc C:\WINDOWS\System32\svchost.exe[1420] C:\WINDOWS\System32\svchost.exe section is executable [0x00405000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\System32\svchost.exe[1420] C:\WINDOWS\System32\svchost.exe entry point in ".rsrc" section [0x0040A1EF]
.text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.rsrc C:\WINDOWS\system32\svchost.exe[1484] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\system32\svchost.exe[1484] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x0100A1EF]
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1548] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1548] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1548] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1548] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1548] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1548] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1596] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1596] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1596] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1596] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1596] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1596] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Documents and Settings\Owner.YOUR-B42A913F06\reader_s.exe[1664] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Documents and Settings\Owner.YOUR-B42A913F06\reader_s.exe[1664] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Documents and Settings\Owner.YOUR-B42A913F06\reader_s.exe[1664] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Documents and Settings\Owner.YOUR-B42A913F06\reader_s.exe[1664] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Documents and Settings\Owner.YOUR-B42A913F06\reader_s.exe[1664] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Documents and Settings\Owner.YOUR-B42A913F06\reader_s.exe[1664] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1680] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1680] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1680] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1680] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1680] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1680] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.rsrc C:\WINDOWS\system32\svchost.exe[1716] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\system32\svchost.exe[1716] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x0100A1EF]
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\svchost.exe[1716] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.rsrc C:\WINDOWS\system32\svchost.exe[1720] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\system32\svchost.exe[1720] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x0100A1EF]
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\system32\Ati2evxx.exe[1920] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\Ati2evxx.exe[1920] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\Ati2evxx.exe[1920] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\Ati2evxx.exe[1920] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\Ati2evxx.exe[1920] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\Ati2evxx.exe[1920] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.reloc C:\WINDOWS\Explorer.EXE[2008] C:\WINDOWS\Explorer.EXE section is executable [0x010FB000, 0x8800, 0xE0000040]
.reloc C:\WINDOWS\Explorer.EXE[2008] C:\WINDOWS\Explorer.EXE entry point in ".reloc" section [0x010FE82D]
.text C:\WINDOWS\Explorer.EXE[2008] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\Explorer.EXE[2008] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\Explorer.EXE[2008] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\Explorer.EXE[2008] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\Explorer.EXE[2008] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\Explorer.EXE[2008] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.rsrc C:\WINDOWS\System32\svchost.exe[2020] C:\WINDOWS\System32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\System32\svchost.exe[2020] C:\WINDOWS\System32\svchost.exe entry point in ".rsrc" section [0x0100A1EF]
.text C:\WINDOWS\System32\svchost.exe[2020] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\System32\svchost.exe[2020] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\System32\svchost.exe[2020] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\System32\svchost.exe[2020] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\System32\svchost.exe[2020] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\System32\svchost.exe[2020] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.rsrc C:\WINDOWS\system32\svchost.exe[2080] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\system32\svchost.exe[2080] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x0100A1EF]
.text C:\WINDOWS\system32\svchost.exe[2080] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\svchost.exe[2080] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\svchost.exe[2080] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\svchost.exe[2080] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\svchost.exe[2080] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\svchost.exe[2080] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\System32\PAStiSvc.exe[2112] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\System32\PAStiSvc.exe[2112] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\System32\PAStiSvc.exe[2112] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\System32\PAStiSvc.exe[2112] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\System32\PAStiSvc.exe[2112] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\System32\PAStiSvc.exe[2112] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.rsrc C:\WINDOWS\system32\svchost.exe[2152] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\system32\svchost.exe[2152] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x0100A1EF]
.text C:\WINDOWS\system32\svchost.exe[2152] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\svchost.exe[2152] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\svchost.exe[2152] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\svchost.exe[2152] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\svchost.exe[2152] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\svchost.exe[2152] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2196] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2196] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2196] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2196] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2196] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2196] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2316] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2316] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2316] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2316] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2316] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2316] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\ehome\mcrdsvc.exe[2420] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\ehome\mcrdsvc.exe[2420] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\ehome\mcrdsvc.exe[2420] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\ehome\mcrdsvc.exe[2420] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\ehome\mcrdsvc.exe[2420] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\ehome\mcrdsvc.exe[2420] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\iPod\bin\iPodService.exe[2756] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\iPod\bin\iPodService.exe[2756] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\iPod\bin\iPodService.exe[2756] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\iPod\bin\iPodService.exe[2756] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\iPod\bin\iPodService.exe[2756] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\iPod\bin\iPodService.exe[2756] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\Internet Explorer\iexplore.exe[2780] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\Internet Explorer\iexplore.exe[2780] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\Internet Explorer\iexplore.exe[2780] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\Internet Explorer\iexplore.exe[2780] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\Internet Explorer\iexplore.exe[2780] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\Internet Explorer\iexplore.exe[2780] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\Internet Explorer\iexplore.exe[2780] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2780] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2780] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2780] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2780] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2780] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2780] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2780] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2780] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\dllhost.exe[2800] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\dllhost.exe[2800] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\dllhost.exe[2800] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\dllhost.exe[2800] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\dllhost.exe[2800] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\dllhost.exe[2800] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\system32\wscntfy.exe[2872] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\wscntfy.exe[2872] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\wscntfy.exe[2872] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\wscntfy.exe[2872] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\wscntfy.exe[2872] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\wscntfy.exe[2872] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\eHome\ehmsas.exe[3096] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\eHome\ehmsas.exe[3096] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\eHome\ehmsas.exe[3096] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\eHome\ehmsas.exe[3096] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\eHome\ehmsas.exe[3096] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\eHome\ehmsas.exe[3096] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\System32\alg.exe[3232] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\System32\alg.exe[3232] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\System32\alg.exe[3232] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\System32\alg.exe[3232] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\System32\alg.exe[3232] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\System32\alg.exe[3232] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\WINDOWS\system32\csrs.exe[3504] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\system32\csrs.exe[3504] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\system32\csrs.exe[3504] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\system32\csrs.exe[3504] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\system32\csrs.exe[3504] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\system32\csrs.exe[3504] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
? C:\WINDOWS\System32\svchost.exe[3712] time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll
.rsrc C:\WINDOWS\System32\svchost.exe[3712] C:\WINDOWS\System32\svchost.exe section is executable [0x13145000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\System32\svchost.exe[3712] C:\WINDOWS\System32\svchost.exe entry point in ".rsrc" section [0x1314A1EF]
.text C:\WINDOWS\System32\svchost.exe[3712] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\System32\svchost.exe[3712] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\System32\svchost.exe[3712] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\System32\svchost.exe[3712] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\System32\svchost.exe[3712] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\System32\svchost.exe[3712] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
? C:\WINDOWS\System32\svchost.exe[3740] number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
.rsrc C:\WINDOWS\System32\svchost.exe[3740] C:\WINDOWS\System32\svchost.exe section is executable [0x13145000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\System32\svchost.exe[3740] C:\WINDOWS\System32\svchost.exe entry point in ".rsrc" section [0x1314A1EF]
.text C:\WINDOWS\System32\svchost.exe[3740] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\System32\svchost.exe[3740] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\System32\svchost.exe[3740] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\System32\svchost.exe[3740] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\System32\svchost.exe[3740] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\System32\svchost.exe[3740] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
? C:\WINDOWS\System32\svchost.exe[3876] number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
.rsrc C:\WINDOWS\System32\svchost.exe[3876] C:\WINDOWS\System32\svchost.exe section is executable [0x13145000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\System32\svchost.exe[3876] C:\WINDOWS\System32\svchost.exe entry point in ".rsrc" section [0x1314A1EF]
.text C:\WINDOWS\System32\svchost.exe[3876] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\System32\svchost.exe[3876] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\System32\svchost.exe[3876] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\System32\svchost.exe[3876] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\System32\svchost.exe[3876] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\System32\svchost.exe[3876] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
? C:\WINDOWS\System32\svchost.exe[3976] number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
.rsrc C:\WINDOWS\System32\svchost.exe[3976] C:\WINDOWS\System32\svchost.exe section is executable [0x13145000, 0x5600, 0xE0000040]
.rsrc C:\WINDOWS\System32\svchost.exe[3976] C:\WINDOWS\System32\svchost.exe entry point in ".rsrc" section [0x1314A1EF]
.text C:\WINDOWS\System32\svchost.exe[3976] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\WINDOWS\System32\svchost.exe[3976] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\WINDOWS\System32\svchost.exe[3976] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\WINDOWS\System32\svchost.exe[3976] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\WINDOWS\System32\svchost.exe[3976] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\WINDOWS\System32\svchost.exe[3976] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1
.text C:\Documents and Settings\Owner.YOUR-B42A913F06\Desktop\x9l9v15x.exe[4872] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA48F4
.text C:\Documents and Settings\Owner.YOUR-B42A913F06\Desktop\x9l9v15x.exe[4872] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4983
.text C:\Documents and Settings\Owner.YOUR-B42A913F06\Desktop\x9l9v15x.exe[4872] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4990
.text C:\Documents and Settings\Owner.YOUR-B42A913F06\Desktop\x9l9v15x.exe[4872] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4C14
.text C:\Documents and Settings\Owner.YOUR-B42A913F06\Desktop\x9l9v15x.exe[4872] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA4979
.text C:\Documents and Settings\Owner.YOUR-B42A913F06\Desktop\x9l9v15x.exe[4872] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA49D1

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] CB8401C7
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 4CE90043
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001D0
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043CB84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01D03EE8
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] D3BDE856
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [5D10C483] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 01D8B9E8
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 021F05E8
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 0DE8F075
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 830001CF
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 9006C70C
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E80043CB
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001D70
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] B7E8C68B
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C200021F
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] CB9006C7
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] BAE80043
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000022
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] A0E95ECE
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 830001CF
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 72102479
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 10418B04
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 10418DC3
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] F18B56C3
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] FFFFCDE8
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 07740108
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] D309E856
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 9C01C700
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] E90043CB
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFFFAE
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] C7F18B56
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 43CB9C06
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] FFA0E800
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 44F6FFFF
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 74010824
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] DCE85607
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 590001D2
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] C25EC68B
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 046A0004
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 436A8DB8
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 1E5CE800
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] F18B0002
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8BF07589
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 0001CED7
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 570CC783
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] C70C4E8D
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 43CB9006
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 1CC2E800
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C68B0000
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 021F09E8
IAT C:\WINDOWS\System32\svchost.exe[1316] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0004C200
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] CB8401C7
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 4CE90043
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001D0
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043CB84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01D03EE8
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] D3BDE856
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [5D10C483] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 01D8B9E8
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 021F05E8
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 0DE8F075
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 830001CF
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 9006C70C
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E80043CB
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001D70
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] B7E8C68B
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C200021F
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] CB9006C7
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] BAE80043
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000022
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] A0E95ECE
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 830001CF
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 72102479
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 10418B04
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 10418DC3
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] F18B56C3
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] FFFFCDE8
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 07740108
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] D309E856
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 9C01C700
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] E90043CB
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFFFAE
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] C7F18B56
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 43CB9C06
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] FFA0E800
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 44F6FFFF
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 74010824
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] DCE85607
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 590001D2
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] C25EC68B
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 046A0004
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 436A8DB8
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 1E5CE800
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] F18B0002
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8BF07589
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 0001CED7
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 570CC783
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] C70C4E8D
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 43CB9006
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 1CC2E800
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C68B0000
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 021F09E8
IAT C:\WINDOWS\System32\svchost.exe[1332] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0004C200
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] CB8401C7
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 4CE90043
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001D0
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043CB84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01D03EE8
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] D3BDE856
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [5D10C483] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 01D8B9E8
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 021F05E8
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 0DE8F075
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 830001CF
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 9006C70C
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E80043CB
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001D70
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] B7E8C68B
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C200021F
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] CB9006C7
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] BAE80043
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000022
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] A0E95ECE
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 830001CF
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 72102479
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 10418B04
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 10418DC3
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] F18B56C3
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] FFFFCDE8
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 07740108
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] D309E856
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 9C01C700
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] E90043CB
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFFFAE
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] C7F18B56
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 43CB9C06
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] FFA0E800
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 44F6FFFF
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 74010824
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] DCE85607
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 590001D2
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] C25EC68B
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 046A0004
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 436A8DB8
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 1E5CE800
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] F18B0002
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8BF07589
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 0001CED7
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 570CC783
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] C70C4E8D
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 43CB9006
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 1CC2E800
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C68B0000
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 021F09E8
IAT C:\WINDOWS\System32\svchost.exe[1420] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0004C200
IAT C:\Program Files\Internet Explorer\iexplore.exe[1444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DFC238] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DDF00C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [76F34C42] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [76F25AD3] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [76F3689B] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77F1EF1C] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C92ABC5] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C809C98] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C80FDCD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C80FCCF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C80AA6C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C810E27] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C831EDD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C80176F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C814F8A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C80BEA1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C8350EF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C810BBC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C801A28] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C814B92] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C834D71] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C80236B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C801E1A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C80BE56] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C812FBD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C81127A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C802446] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C8106D7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C8097D0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C80E9DF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C809BE7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C80EABB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C81CB12] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C80C0F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C81CB3B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C82FC08] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C830D7C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C809EA1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C80BB41] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C90FE21] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C80934A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C80AC61] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C812C56] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C90FF2D] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C809F19] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C802530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C8024B7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C9100C4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C919BA0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C809B12] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C8104CC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C802213] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C813133] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7CA411E0] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [77F7054D] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [77F6827C] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [77F74EE6] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [77F8C4CE] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7E428717] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7E41A8AD] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [3D94D508] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3712] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [3D94878D] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77DDECE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [77DE4332] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [77F15FE0] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C80A530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C838A3C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C80CD48] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C838E18] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C80D302] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C80B8C9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C812F16] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C809AF1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C809B84] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C80B56F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C812FD9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C809C65] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C8097E0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C80E4DD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C813133] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C84495D] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C863FCA] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C80DE95] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C801E1A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C80B741] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C80BA71] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C92ABC5] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C80BEA1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C80BE56] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C8101B1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C80E9DF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C802446] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C809BE7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C80EABB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C80934A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C809AA9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C801812] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C810B17] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C801A28] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C90FE21] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C810E27] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C810FD2] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C830791] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C834D71] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C802530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C814B92] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C801629] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C80A174] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C809C98] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C835DFA] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C830D7C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C80E88C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C80176F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C813851] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C831EDD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C834EE1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C813879] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C812AA9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C80AA6C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C80AA36] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C80BB41] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C9010E0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C901000] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3740] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C80A0B7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3796] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\WINDOWS\System32\svchost.exe[3876] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3876] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3876] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3876] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3876] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3876] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3876] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3876] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\NDIS \Device\Ndis [862CA984] NDIS.sys[.reloc]

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtServicePackUninstall$\ndis.sys (size mismatch) 182912/182656 bytes executable
File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 212224/182656 bytes executable
File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 212224/182656 bytes executable

---- EOF - GMER 1.0.15 ----

#8 DocSatan

Posted 04 August 2009 - 01:25 PM

alfasf,

Have you read Post #6 above?

I need you to read that post and let me know how you wish to proceed. I will be happy to answer any questions you may have as well.

Doc.

#9 alfasf

Posted 04 August 2009 - 02:38 PM

Hello alfasf,

I'm afraid I have very bad news.

Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Other variants of Virut can even penetrate and infect .exe files within compressed files (.zip, .cab, .rar). Virux is an even more complex file infector which can embed an iframe into the body of web-related files and infect script files (.php, .asp, and .html). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer Virut remains on a computer, the more critical system files will become infected and corrupt so the degree of infection can vary.

The virus disables Windows File Protection by injecting code into the "winlogon.exe" process that patches system code in memory.

CA Virus detail of W32/Virut

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.

McAfee Risk Assessment and Overview of W32/Virut

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damage caused to files by Virut it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-functional viral code present in these files.

AVG Overview of W32/Virut

This kind of infection is contracted and spread by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and an increasing source of system infection. However, the CA Security Advisor Research Blog says they have found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

There is no guarantee this infection can be completely removed. In some instances it may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:



Sorry, I posted the GMER log without checking new messages. Indeed I am infected by this virus; I remember Malwarebytes and Spybot detected Virut (do not remember which variant) and "removed" them.

1. Knowing this from your post, I still want to keep my position of at least accessing secured websites like Microsoft and other anti-virus sites. By doing this, I could download my licensed version of McAfee and install it on the laptop so it can scan it itself and also have real-protection. I don't know if you read it, but the hijacked page is track.moreniche.com/hit.php?w=155970&s=147, called DIET WITHOUT HUNGER, positioning itself in Favorites without permission. Probably this information could be handy to you.

2. I'm not experienced in reformatting a disk and reinstalling. I have questions about reformatting and reinstalling, but remember I would do this as my last resort.

* I don't have an installation CD for the laptop. If wiping out the hard drive, I won't be able to recover some useful pre-packed programs that came with the laptop for free, like CyberLink DVD Solution, which is used to burn CDs and play DVD movies. Probably after reinstallation it would require me to purchase this program. All other drivers I could download from the Gateway support website.

* How would I know what to back up without knowing which files are infected and which ones aren't?

* I still have the original Microsoft license key registration that appears on the bottom of the laptop. Could I reregister this key without Microsoft thinking it's being used on another computer, hence violating the terms and agreement? This license key belongs to this laptop.

A note: I acquired this laptop used, so that is the reason I don't have installation CD.

Again DocSatan, thank you so much for your time and support :thumbup2:

I would like to give suggestions for the professional helpers in this forum, which is to provide your schedules used in this forum in your profiles so we people know what time of the day to expect an online reply. Hope you take this suggestion as good.

#10 DocSatan

Posted 04 August 2009 - 04:23 PM

Hi alfasf,

"I would like to give suggestions for the professional helpers in this forum, which is to provide your schedules used in this forum in your profiles so we people know what time of the day to expect an online reply. Hope you take this suggestion as good."

  • I understand your point here, but the Helpers here are all Volunteers, from different parts of the world, whose schedules vary greatly.
  • Providing a schedule would just not be practical.
  • As a rule, I try to reply within 2 days, depending on my schedule.
  • Hope that helps. :thumbup2:

Let's see just how bad this Virut infection is:

1. Update Your Java Runtime Environment (JRE)
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 14...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
2. Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on Critical Areas under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Doc.

#11 alfasf

Posted 04 August 2009 - 05:46 PM

1. There are three options to download Java 6 Update 14; should I install the first option, JDK 6 Update 14 with JavaFX SDK?

2. Since Kaspersky is a valid anti-virus website, it is one of the websites I don't have access to: "Internet Explorer cannot display the webpage"

Edited by alfasf, 04 August 2009 - 05:48 PM.


#12 DocSatan

Posted 04 August 2009 - 06:23 PM

Hey alfasf,

Hold off on the Java update for now. :thumbup2:

Try this next:

1. Please Download ComboFix
Here is a Tutorial on using ComboFix: A guide and tutorial on using ComboFix
  • Save it to your Desktop
  • Do NOT run ComboFix yet
  • Here is an alternative link to download ComboFix, if the above one is not working for you: Link 1
2. Disable Your AntiVirus and AntiSpyware Programs
  • You should be able to Right-Click on the program's icon in the System Tray and get an option to shut-down/disable each program.
  • These programs may interfere with our fix. We will re-enable them when we are done.
3. Double click on ComboFix.exe that you just saved to your Desktop
  • Follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. The Recovery Console will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • It is strongly recommended to have the Recovery Console installed on your machine before doing any malware removal.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

NOTE: If the Microsoft Windows Recovery Console is already installed, you will not receive a prompt from ComboFix regarding the Recovery Console.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
4. Re-enable Your AntiVirus and AntiSpyware Programs That You Disabled in Step 2.

5. What I need in Your Next Reply:
  • ComboFix.txt


#13 alfasf

Posted 04 August 2009 - 07:11 PM

It doesn't let me run Combofix.

An alert appears saying: Alert***It is not safe to boot Combofix at this moment
Please download a fresh copy: [giving the link from www.bleepincomputer]


Note: You may be infected with a file patching "Virut"

1. I could connect to the Internet from the laptop.

2. I could download ComboFix from the first option, which I saved onto the desktop, but just out of curiosity I clicked on the optional link for ComboFix but I could not connect to the webpage. Forospyware is one of those I am blocked from.

What's next? By the way, thank you for your on-time responses. I really appreciate it. When we finish this, I would like to give positive feedback about you if there is such a thing, even in the case we can't repair this.

Edit: Now when opening Mozilla Firefox, it opens several tabs at once showing many ad websites. This happened when I reconnected to the Internet after using DDS. I never attempted to browse those ad websites. Do you recommend uninstalling Firefox?

Edited by alfasf, 05 August 2009 - 02:15 AM.


#14 DocSatan

Posted 05 August 2009 - 08:24 AM

Hi alfasf,

I'd like to take a closer look at your computer. This isn't going to change the situation. You should still Reformat, but it will help me to better inform you of possible options:

1. We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste the Extra.txt in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Doc.
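
Added example, not part of the thread and not OTL's own code: a Python parser for text in the layout of the Extra.txt report requested above. It flags enabled Windows Firewall exceptions whose executable the report marks "File not found", and Java runtimes older than the JRE 6 Update 14 named earlier in the thread. The sample report is constructed, the function names are hypothetical, and only the "J2SE Runtime Environment" and "Java(TM)" display-name families are assumed.

```python
import re

# Constructed sample in the layout of an OTL Extras report (not the poster's log).
SAMPLE_EXTRAS = r'''
========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ExampleChat\chat.exe" = C:\Program Files\ExampleChat\chat.exe:*:Enabled:Example Chat -- File not found
"C:\Program Files\ExamplePrint\print.exe" = C:\Program Files\ExamplePrint\print.exe:*:Enabled:print.exe -- (Example Vendor)
"C:\Program Files\OldTool\tool.exe" = C:\Program Files\OldTool\tool.exe:LocalSubNet:Disabled:Old Tool -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-0000-0000-0000-000000000001}" = J2SE Runtime Environment 5.0 Update 2
"{00000000-0000-0000-0000-000000000002}" = Java(TM) 6 Update 14
"{00000000-0000-0000-0000-000000000003}" = Example Photo Suite 7.0
'''

SECTION_RE = re.compile(r"^=+ (.+?) =+$")            # ========== Title ==========
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)" = (?P<value>.*)$')
# XP firewall rule value: <path>:<scope>:<Enabled|Disabled>:<display name>
RULE_RE = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<name>.*)$")
# Assumed display-name families; anything else is ignored rather than guessed.
JAVA_RE = re.compile(
    r"^(?:J2SE Runtime Environment|Java\(TM\)(?: SE Runtime Environment)?) "
    r"(\d+)(?:\.\d+)?(?: Update (\d+))?$")
TARGET_JAVA = (6, 14)  # JRE 6 Update 14, the version named in the thread


def split_sections(text):
    """Map each '=====' section title to its list of ("key", value) entries."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            current.append((entry.group("key"), entry.group("value")))
    return sections


def stale_firewall_exceptions(sections):
    """Enabled exceptions whose target file is reported missing.

    A later file dropped at that path would inherit the open exception,
    so these are worth removing during cleanup.
    """
    stale = []
    for title, entries in sections.items():
        if "Authorized Applications" not in title:
            continue
        for _key, value in entries:
            rule, _sep, note = value.rpartition(" -- ")
            m = RULE_RE.match(rule)
            if m and m.group("state") == "Enabled" and note == "File not found":
                stale.append((m.group("path"), m.group("scope"), m.group("name")))
    return stale


def outdated_java(sections, target=TARGET_JAVA):
    """Uninstall-list entries for Java runtimes older than (major, update)."""
    old = []
    for title, entries in sections.items():
        if "Uninstall List" not in title:
            continue
        for _key, name in entries:
            m = JAVA_RE.match(name)
            if not m:
                continue
            version = (int(m.group(1)), int(m.group(2) or 0))
            if version < target:
                old.append((name, version))
    return old


if __name__ == "__main__":
    parsed = split_sections(SAMPLE_EXTRAS)
    for path, scope, name in stale_firewall_exceptions(parsed):
        print(f"stale firewall exception: {name} ({path}, scope {scope})")
    for name, version in outdated_java(parsed):
        print(f"outdated Java runtime: {name} {version}")
```
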

#15 alfasf

Posted 05 August 2009 - 01:25 PM

OK here goes the extra log

OTL Extras logfile created on: 8/5/2009 11:21:57 AM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Owner.YOUR-B42A913F06\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.23 Mb Total Physical Memory | 363.60 Mb Available Physical Memory | 37.94% Memory free
2.26 Gb Paging File | 1.04 Gb Available in Paging File | 45.96% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.68 Gb Total Space | 47.14 Gb Free Space | 69.65% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.61 Gb Free Space | 67.55% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-B42A913F06
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1162063005\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1162063005\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BE365801-FB4B-49D7-87D2-9477EE371F1C}" = D1300_Help
"{C13F11D1-00BA-44DF-B626-35E1C03F85E5}" = D1300
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{F0779413-6026-4BC6-97B4-DE8D9CADAFEC}" = MSN Toolbar
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6C4EE06-DA6D-45DC-A129-04166F5FF238}" = PC VGA Camera
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"ATT-RC" = ATT-RC Self Support Tool
"BigFix" = BigFix
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_0300107B" = Soft Data Fax Modem with SmartCP
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"cont_adsoftinc" = Contextual Tool Adsoftinc
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.5 (1010)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EZ Lyrics" = EZ Lyrics
"Google Desktop" = Google Desktop
"gtw_logo" = gtw_logo
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{F6C4EE06-DA6D-45DC-A129-04166F5FF238}" = PC VGA Camera
"iPrimo" = Internet Speed Monitor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"RealPlayer 6.0" = RealPlayer Basic
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/1/2009 5:58:54 AM | Computer Name = YOUR-B42A913F06 | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/1/2009 6:53:30 AM | Computer Name = YOUR-B42A913F06 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_27_0_1000.MSI is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

Error - 8/1/2009 5:03:28 PM | Computer Name = YOUR-B42A913F06 | Source = pctsSvc.exe | ID = 0
Description =

Error - 8/1/2009 10:16:24 PM | Computer Name = YOUR-B42A913F06 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/1/2009 10:16:24 PM | Computer Name = YOUR-B42A913F06 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/2/2009 4:34:20 AM | Computer Name = YOUR-B42A913F06 | Source = Application Error | ID = 1000
Description = Faulting application hpqste08.exe, version 70.0.170.0, faulting module
unknown, version 0.0.0.0, fault address 0x00b1f7af.

Error - 8/2/2009 9:00:47 PM | Computer Name = YOUR-B42A913F06 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00036f63.

Error - 8/2/2009 9:00:54 PM | Computer Name = YOUR-B42A913F06 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00036f63.

Error - 8/2/2009 9:08:27 PM | Computer Name = YOUR-B42A913F06 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00037453.

Error - 8/4/2009 12:31:00 PM | Computer Name = YOUR-B42A913F06 | Source = Application Error | ID = 1000
Description = Faulting application 2B.tmp, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.5755, fault address 0x0000108d.

[ System Events ]
Error - 7/31/2009 12:57:33 AM | Computer Name = YOUR-B42A913F06 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00C0A8C779ED. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 7/31/2009 1:07:31 AM | Computer Name = YOUR-B42A913F06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/31/2009 1:08:04 AM | Computer Name = YOUR-B42A913F06 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 7/31/2009 1:08:04 AM | Computer Name = YOUR-B42A913F06 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 7/31/2009 1:08:04 AM | Computer Name = YOUR-B42A913F06 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 7/31/2009 1:08:04 AM | Computer Name = YOUR-B42A913F06 | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 7/31/2009 1:08:04 AM | Computer Name = YOUR-B42A913F06 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 7/31/2009 1:08:04 AM | Computer Name = YOUR-B42A913F06 | Source = Service Control Manager | ID = 7001
Description = The Trend Micro Proxy Service service depends on the Trend Micro TDI
Driver service which failed to start because of the following error: %%31

Error - 7/31/2009 1:08:04 AM | Computer Name = YOUR-B42A913F06 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmtdi

Error - 7/31/2009 1:13:21 AM | Computer Name = YOUR-B42A913F06 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00C0A8C779ED. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.


< End of report >



