Serious problem? Msword98.exe? Malware?


  • This topic is locked
65 replies to this topic

#1 dbwhit (Members, 42 posts)

Posted 15 August 2009 - 01:49 PM

I originally posted this thread http://www.bleepingcomputer.com/forums/ind...p;#entry1384975, but I'm getting 'No' help....Am I doing something wrong in my post or is it an unknown issue? I've thought about posting in another tech forum, but I don't want to be managing multiple forums or multiple advices.

OS: XP Pro SP2

As of last month my PC (w/ my stupid help :) bit into something & I can't shake it. I thought I solved the issue then, but now learned that I haven't...HELP? If you'll help me, I PROMISE I'VE LEARNED MY LESSON & I'LL NEVER DO IT AGAIN

Last month, for the 1st time ever, I went to install a "copy" of a program, to see if I could use it...before purchasing. :) BIG MISTAKE! :) & got some malware issues that I believe to be reinstalling themselves. If interested, I could post the logs from then, but not wanting to confuse my thread, I've left them out.

Now yesterday I clicked a link & immediately realized a mistake. For a split second I think I saw "Torrent", but not positive, on the page as it was loading (I'm familiar w/ "torrents" only in that they are used for downloading, which I've never understood & stay away from). Anyway, my Symantec Endpoint automatically popped up seconds after clicking the link, alerting me; now I'm not sure what it read, but it stated a threat name?..."Action Taken: Deleted...Restart Necessary". Once the restart was performed & Windows was loading I got these Symantec notifications.

(#1)SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
Event Info: Resume Thread
Action Taken: Logged
Actor Process: C:\WINDOWS\9129837.exe (PID 2260)
Time: Friday, August 14, 2009 2:36:30 PM

(#2)
SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
Event Info: Resume Thread
Action Taken: Logged
Actor Process: C:\WINDOWS\9129837.exe (PID 2260)
Time: Friday, August 14, 2009 2:36:30 PM

(#3)
SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Resume Thread
Action Taken: Logged
Actor Process: C:\WINDOWS\9129837.exe (PID 2260)
Time: Friday, August 14, 2009 2:36:30 PM

(#4)
SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Event Info: Resume Thread
Action Taken: Logged
Actor Process: C:\WINDOWS\9129837.exe (PID 2260)
Time: Friday, August 14, 2009 2:36:30 PM

(#5)
SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
Event Info: Resume Thread
Action Taken: Logged
Actor Process: C:\WINDOWS\9129837.exe (PID 2260)
Time: Friday, August 14, 2009 2:36:30 PM


as well as something from Symantec pointing to C:\Program Files\Symantec\Symantec Endpoint Protection\DoScan.exe. At this point I was fuming & failed to read any more; I disabled my internet connection, rebooted in safe mode, & did 3 software scans (Malwarebytes' Anti-Malware 1.40, SUPERAntiSpyware 4.26.1006, & Symantec Endpoint). I've done some research on the following Malwarebytes' log, more precisely wiaserva.log, finding this http://www.symantec.com/security_response/...-99&tabid=2 Helpful? I don't know?

Malwarebytes' Scan Log

Malwarebytes' Anti-Malware 1.40
Database version: 2605
Windows 5.1.2600 Service Pack 3 (Safe Mode)

8/14/2009 9:01:57 AM
mbam-log-2009-08-14 (09-01-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 281921
Time elapsed: 2 hour(s), 1 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bca95e31-1fbf-4f84-8f23-1ba653007a1e} (Adware.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{994b5fb4-0103-44a6-b6b3-c73572b362bc} (Adware.BHO) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ttool (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Doug Whitted\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

End of Malwarebytes' Scan Log


Here are the results of SUPERAntiSpyware scan.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/14/2009 at 10:21 AM

Application Version : 4.26.1006

Core Rules Database Version : 4003
Trace Rules Database Version: 1943

Scan type : Complete Scan
Total Scan Time : 01:07:18

Memory items scanned : 294
Memory threats detected : 0
Registry items scanned : 6933
Registry threats detected : 3
File items scanned : 22554
File threats detected : 0

Trojan.Agent/Gen
HKU\S-1-5-21-1659004503-776561741-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6156A32A-C512-4E23-AA9A-2315F4265681}

Adware.Vundo Variant
HKU\S-1-5-21-1659004503-776561741-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{994B5FB4-0103-44A6-B6B3-C73572B362BC}
HKU\S-1-5-21-1659004503-776561741-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BCA95E31-1FBF-4F84-8F23-1BA653007A1E}

End of SUPERAntiSpyware Scan


Now the Symantec scan was performed last of the 3 scans. The results of its scan were positive w/ NO THREATS
...Whew :thumbup2: ...At least that's what I thought :) ...Don't count dem chickens b'fore da hatch boy :cool:

Okay, I rebooted in normal boot & just as before, as Windows is loading, I get this notification:

SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
Event Info: Resume Thread
Action Taken: Logged
Actor Process: C:\WINDOWS\9129837.exe (PID 2260)
Time: Friday, August 14, 2009 2:36:30 PM


On top of this I get this "Auto Protect" alert from Symantec, I would copy/paste the log, but I'm not sure how to :) :) :?

THREAT 1
Risk= Packed.Generic.233
Action= Restart Required (Cleaned by deletion)
Filename=BNB.tmp
Risk Type= File
Original Location= C:\Documents and Settings\...\Local Settings\Temp
Status= Deletion
Current Location= Deleted
Action Description= Deleted successfully

THREAT 2
Risk= Trojan Horse
Action= Quarantined
Filename= install.exe
Risk Type= File
Original Location= C:\Documents and Settings\...\Local Settings\Temp\RarSFX0
Status= Infected
Current Location= Quarantine
Action Description= Quarantined successfully


There's also a window that reads
"Windows cannot find 'install.exe'. Make sure you typed the name correctly, and then try again. To search for a file click 'Start', click 'Search'"


Will you guys/gals help me out?


Now, I just rebooted again & the latest is its now saying...

"msword98.exe has encountered a problem...." two notifications came up.
http://www.virusremovalguru.com/?p=3307


Symantec AV Auto-Protect caught only 1, the "Packed.Generic.233"....

The Symantec Protection now brings up 36

Ohhh...This isn't looking good!...SOMEONE PLEASE HELP ME?


#2 kahdah (Security Colleague, 11,138 posts, Florida)

Posted 15 August 2009 - 01:52 PM

Hello dbwhit

Welcome to BleepingComputer :thumbup2:
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image
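An added example, not part of kahdah's instructions and not OTL's own code: once OTL.Txt exists, the O4 (autorun) lines are the first thing a helper reads. The Python below parses lines in OTL's O4 format and flags the patterns that stand out in a log like this one: an autorun pointing at a missing file, an executable with no company/version information, a numeric-only file name, an executable dropped directly in C:\WINDOWS or in the user profile root, an .exe rather than a shortcut in the Startup folder, and the same value name persisted in both HKLM and HKCU. The sample lines are copied from the OTL log posted later in this thread; the heuristics and the short list of Windows-root binaries are the editor's own assumptions, not OTL rules.

```python
import re
from collections import defaultdict

# Sample O4 lines copied from the OTL log posted later in this thread.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [braviax] File not found
O4 - HKLM..\Run: [msword98] C:\WINDOWS\System32\msword98.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKCU..\Run: [msword98] C:\Documents and Settings\Doug Whitted\msword98.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [ttool] C:\WINDOWS\9129837.exe (Heaventools Software)
O4 - Startup: C:\Documents and Settings\Doug Whitted\Start Menu\Programs\Startup\ikowin32.exe (Microsoft Corporation)
"""

# "O4 - <where>: [<value name>] <path> (<company>)"  or  "... <path> File not found"
O4_RE = re.compile(r"^O4 - (?P<where>HKLM\.\.\\Run|HKCU\.\.\\Run|Startup): "
                   r"(?:\[(?P<name>[^\]]*)\] )?(?P<rest>.*)$")
TAIL_RE = re.compile(r"^(?P<path>.*?)\s*(?:\((?P<company>[^)]*)\)|(?P<missing>File not found))$")
USER_PROFILE_ROOT = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+$")
# Microsoft binaries that legitimately sit directly in C:\WINDOWS on XP (editor's list).
WINDOWS_ROOT_BINARIES = {"explorer.exe", "notepad.exe", "regedit.exe",
                         "hh.exe", "winhlp32.exe", "twunk_32.exe"}


def parse_o4(text):
    """Turn O4 lines into dicts; 'company' is None when OTL reported the file missing."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        t = TAIL_RE.match(m.group("rest"))
        if not t:
            continue
        entries.append({
            "where": m.group("where"),
            "name": m.group("name"),          # None for Startup-folder items
            "path": t.group("path"),
            "company": t.group("company"),    # "" when OTL printed "()"
            "missing": t.group("missing") is not None,
        })
    return entries


def reasons_for(entry, paths_by_name):
    """Heuristic reasons to look at one autorun; empty list means nothing stood out."""
    reasons = []
    if entry["missing"]:
        reasons.append("autorun points at a missing file")
        return reasons
    low = entry["path"].lower()
    folder, _, fname = low.rpartition("\\")
    stem = fname.rsplit(".", 1)[0]
    if entry["company"] == "":
        reasons.append("no company/version information")
    if stem.isdigit():
        reasons.append("numeric-only file name")
    if folder == "c:\\windows" and fname not in WINDOWS_ROOT_BINARIES:
        reasons.append("executable directly in C:\\WINDOWS")
    if USER_PROFILE_ROOT.match(low):
        reasons.append("executable directly in the user profile root")
    if entry["where"] == "Startup" and fname.endswith(".exe"):
        reasons.append("an .exe rather than a shortcut in the Startup folder")
    if entry["name"] and len(paths_by_name[entry["name"]]) > 1:
        reasons.append("same value name persisted in more than one hive")
    return reasons


def triage_o4(text):
    """Return {'<where> [<name>]' or '<where> <path>': [reasons]} for flagged entries only."""
    entries = parse_o4(text)
    paths_by_name = defaultdict(set)
    for e in entries:
        if e["name"] and not e["missing"]:
            paths_by_name[e["name"]].add(e["path"].lower())
    report = {}
    for e in entries:
        label = f'{e["where"]} [{e["name"]}]' if e["name"] else f'{e["where"]} {e["path"]}'
        reasons = reasons_for(e, paths_by_name)
        if reasons:
            report[label] = reasons
    return report


if __name__ == "__main__":
    for label, reasons in triage_o4(SAMPLE_OTL).items():
        print(label)
        for r in reasons:
            print("  -", r)
```

The company string OTL prints comes from the file's version resource, not from a signature, so "Microsoft Corporation" on an .exe in a user's Startup folder is a claim to verify, not evidence; the script flags the location, not the name. The NVIDIA and SUPERAntiSpyware entries produce no reasons and are left out of the report.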

#3 dbwhit (Topic Starter)

Posted 15 August 2009 - 02:08 PM

Ok....I posted this on my back-up PC...I just booted up the affected PC, I now get this

explorer.exe the application failed to initialize properly (0xc00000142)

#4 kahdah (Security Colleague)

Posted 15 August 2009 - 02:09 PM

Ok please try to do what is in my previous post.

#5 dbwhit (Topic Starter)

Posted 15 August 2009 - 02:12 PM

But nothing loaded...All I got is my wallpaper; my cursor moves but there is nothing to click on

#6 kahdah (Security Colleague)

Posted 15 August 2009 - 02:30 PM

Try this then: hit Ctrl+Alt+Delete all at the same time to bring up the Task Manager.
Then go to the top where it says File and click that; you will see New Task (Run), click that.
Then in the Run box type explorer and click OK.

See if it gets you to the desktop, then try to proceed.

#7 dbwhit (Topic Starter)

Posted 15 August 2009 - 02:32 PM

It booted up...Following instructions now.

#8 dbwhit (Topic Starter)

Posted 15 August 2009 - 02:50 PM

POSTING OTL & EXTRAS RESULTS. BE BACK WITH THE NEXT INSTRUCTION'S RESULTS NEXT

OTL logfile created on: 8/15/2009 3:37:19 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Doug Whitted\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.58 Gb Available in Paging File | 89.50% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 120.93 Gb Free Space | 51.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 298.09 Gb Total Space | 215.06 Gb Free Space | 72.15% Space Free | Partition Type: NTFS

Computer Name: DOUGW
Current User Name: Doug Whitted
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
PRC - C:\WINDOWS\System32\msword98.exe ()
PRC - C:\Program Files\QuickBooks Online Backup\OnlineBackup.exe (SwapDrive, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\9129837.exe (Heaventools Software)
PRC - C:\Documents and Settings\Doug Whitted\msword98.exe ()
PRC - C:\WINDOWS\System32\osk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\MSSWCHX.EXE (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Doug Whitted\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\System32\cidaemon.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Stopped]) -- File not found
SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- File not found
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (InCDsrv [Auto | Running]) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (Maxtor Sync Service [Auto | Running]) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (QBCFMonitorService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (SmcService [Auto | Running]) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC [On_Demand | Stopped]) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (cercsr6 [Boot | Stopped]) -- C:\WINDOWS\System32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (COH_Mon [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\COH_Mon.sys (Symantec Corporation)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (CTUSFSYN [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (e1express [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys (Intel Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\InCDFs.sys (Nero AG)
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\System32\drivers\InCDPass.sys (Nero AG)
DRV - (incdrm [System | Running]) -- C:\WINDOWS\System32\drivers\InCDRm.sys (Nero AG)
DRV - (mf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\mf.sys (Microsoft Corporation)
DRV - (monfilt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (MXOPSWD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\mxopswd.sys (Maxtor Corp.)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090814.004\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090814.004\NAVEX15.SYS (Symantec Corporation)
DRV - (NmPar [System | Running]) -- C:\WINDOWS\System32\DRIVERS\NmPar.sys (Windows ® 2000 DDK provider)
DRV - (Ntfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\ntfs.sys ()
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Sentinel [Auto | Running]) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (SNTNLUSB [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SRTSP [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (SSIPDDP [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SSIPDDP.SYS ()
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.waycrosslocal.com/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.waycrosslocal.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06
FF - prefs.js..extensions.enabledItems: {96118df2-0d02-4dbc-9ad5-98995dc7d977}:0.2.7
FF - prefs.js..extensions.enabledItems: {D02B1E87-A8C6-433f-9B5C-2CEC4A072736}:04.10.01.03
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/03 23:07:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/03 23:07:53 | 00,000,000 | ---D | M]

[2009/04/04 15:58:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\mozilla\Extensions
[2008/08/26 20:59:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/04 15:58:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/08/14 18:06:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\mozilla\Firefox\Profiles\xvt5eq9k.default\extensions
[2009/02/07 17:22:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\mozilla\Firefox\Profiles\xvt5eq9k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/06/26 17:40:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\mozilla\Firefox\Profiles\xvt5eq9k.default\extensions\{96118df2-0d02-4dbc-9ad5-98995dc7d977}
[2009/02/07 17:22:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\mozilla\Firefox\Profiles\xvt5eq9k.default\extensions\{D02B1E87-A8C6-433f-9B5C-2CEC4A072736}
[2009/02/07 17:22:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\mozilla\Firefox\Profiles\xvt5eq9k.default\extensions\{D02B1E87-A8C6-433f-9B5C-2CEC4A072736}-trash
[2009/06/04 17:09:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\mozilla\Firefox\Profiles\xvt5eq9k.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2008/12/12 14:23:54 | 00,002,158 | ---- | M] () -- C:\Documents and Settings\Doug Whitted\Application Data\Mozilla\FireFox\Profiles\xvt5eq9k.default\searchplugins\MySpace.xml
[2009/08/14 18:06:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/03 23:07:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/01 14:16:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2009/08/03 23:07:47 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/03 23:07:47 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/17 12:09:01 | 00,135,680 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/03 23:07:50 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/04 19:24:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/04 19:24:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/04 19:24:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/04 19:24:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/04 19:24:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/04 19:24:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/04 19:24:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/09/26 12:03:14 | 00,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2007/05/16 08:22:00 | 00,151,300 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/02/06 18:08:23 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/06 18:08:23 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/06 18:08:23 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/06 18:08:23 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/06 18:08:23 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/06 18:08:23 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/06 18:08:23 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [braviax] File not found
O4 - HKLM..\Run: [msword98] C:\WINDOWS\System32\msword98.exe ()
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [braviax] File not found
O4 - HKCU..\Run: [msword98] C:\Documents and Settings\Doug Whitted\msword98.exe ()
O4 - HKCU..\Run: [OnlineBackupScheduler] C:\Program Files\QuickBooks Online Backup\OnlineBackup.exe (SwapDrive, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [ttool] C:\WINDOWS\9129837.exe (Heaventools Software)
O4 - Startup: C:\Documents and Settings\Doug Whitted\Start Menu\Programs\Startup\ikowin32.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Doug Whitted\Start Menu\Programs\Startup\On-Screen Keyboard.lnk = C:\WINDOWS\System32\osk.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1212085511437 (WUWebControl Class)
O16 - DPF: {6F714D46-E4EF-11D4-93EF-00D0D7032099} http://www.christianrock2.net/amp3dj.cab (Active DJ Studio ActiveX Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/Autodesk%20Architectural%20Desktop%203/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files/Autodesk%20Architectural%20Desktop%203/InstFred.ocx (NOXLATE)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/Autodesk%20Architectural%20Desktop%203/AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.81.96.67 216.81.96.68
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe ()
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/25 16:22:21 | 00,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 17:22:37 | 00,000,055 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{a14b656e-d6bd-11dd-a106-0019d13d8f04}\Shell - "" = Autorun
O33 - MountPoints2\{a14b656e-d6bd-11dd-a106-0019d13d8f04}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a14b656e-d6bd-11dd-a106-0019d13d8f04}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\Shell32.DLL -- [2008/06/17 15:02:19 | 08,461,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{a14b656e-d6bd-11dd-a106-0019d13d8f04}\Shell\Open\command - "" = L:\RECYCLER\S-1-1-21-100018033-100000048-100018173-1317.com -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/08/15 15:35:50 | 00,000,124 | ---- | C] () -- C:\Documents and Settings\Doug Whitted\Desktop\Serious problem Msword98.exe Malware.URL
[2009/08/15 15:33:05 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Doug Whitted\Desktop\OTL.exe
[2009/08/15 15:28:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\lowsec
[2009/08/14 14:36:31 | 00,619,584 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2009/08/14 14:36:27 | 00,061,952 | ---- | C] (Heaventools Software) -- C:\WINDOWS\9129837.exe
[2009/08/14 14:36:26 | 00,026,686 | ---- | C] () -- C:\WINDOWS\System32\msword98.exe
[2009/08/14 09:10:36 | 00,003,026 | ---- | C] () -- C:\Documents and Settings\Doug Whitted\My Documents\cc_20090814_091031.reg
[2009/08/13 17:50:38 | 00,036,288 | ---- | C] () -- C:\Documents and Settings\Doug Whitted\My Documents\20387400_640X360.jpg
[2009/08/11 14:23:40 | 00,123,362 | ---- | C] () -- C:\Documents and Settings\Doug Whitted\My Documents\Winges-1967.jpg
[2009/08/11 13:30:21 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/11 13:29:53 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/08 16:58:42 | 00,065,250 | ---- | C] () -- C:\Documents and Settings\Doug Whitted\My Documents\6134_243578780407_805660407_7999248_3582047_n.jpg
[2009/08/05 05:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 23:16:56 | 00,000,958 | ---- | C] () -- C:\Documents and Settings\Doug Whitted\My Documents\cc_20090803_231654.reg
[2009/08/02 19:28:04 | 00,034,631 | ---- | C] () -- C:\Documents and Settings\Doug Whitted\My Documents\columbus2.jpg
[2009/08/02 19:09:28 | 00,180,203 | ---- | C] () -- C:\Documents and Settings\Doug Whitted\My Documents\Applied-Knowledge-by-Language-Arts-Crew_vR8FNt3HJtMx_full.jpg
[2009/08/02 19:06:47 | 01,306,966 | ---- | C] () -- C:\Documents and Settings\Doug Whitted\My Documents\language-arts-quotes.jpg
[2009/08/02 19:05:41 | 04,431,159 | ---- | C] () -- C:\Documents and Settings\Doug Whitted\My Documents\language-arts-small-run.jpg
[2009/07/27 14:48:31 | 00,000,656 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\os084633.bin
[2009/07/27 14:36:52 | 00,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
[2009/07/27 14:32:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Vbox
[2009/07/27 14:32:28 | 00,243,712 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\KPCP32.DLL
[2009/07/27 14:32:28 | 00,156,672 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\sprof32.dll
[2009/07/27 14:32:28 | 00,070,144 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\KPFP32.DLL
[2009/07/27 14:32:28 | 00,058,368 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\pfpick.dll
[2009/07/27 14:32:28 | 00,053,760 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\PTPICK32.DLL
[2009/07/27 14:32:28 | 00,048,128 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\KPSYS32.DLL
[2009/07/27 14:32:28 | 00,042,483 | ---- | C] () -- C:\WINDOWS\ICCCODES.DAT
[2009/07/27 14:32:28 | 00,039,095 | ---- | C] () -- C:\WINDOWS\Iccsigs.dat
[2009/07/27 14:32:28 | 00,031,744 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\KPSHARP.DLL
[2009/07/27 14:32:28 | 00,031,232 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\KPSCALE.DLL
[2009/07/27 14:32:28 | 00,020,992 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\icccodes.dll
[2009/07/27 14:32:28 | 00,000,156 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2009/07/27 14:32:17 | 00,401,484 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCRTD.DLL
[2009/07/27 14:32:17 | 00,322,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC30.DLL
[2009/07/27 14:32:17 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2009/07/27 14:32:17 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/07/27 14:32:17 | 00,133,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFCANS32.DLL
[2009/07/27 14:32:17 | 00,133,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFCO30.DLL
[2009/07/27 14:32:17 | 00,094,285 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCIRTD.DLL
[2009/07/27 14:32:17 | 00,033,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\URLCACHE.DLL
[2009/07/27 14:32:17 | 00,032,792 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\SPWHPT.DLL
[2009/07/27 14:32:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\W95FIBER.DLL
[2009/07/27 14:32:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFCUIA32.DLL
[2009/07/27 14:32:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Color
[2009/07/27 14:32:10 | 00,000,000 | ---D | C] -- C:\Kpcms
[2009/07/27 14:14:00 | 00,027,305 | ---- | C] () -- C:\Documents and Settings\Doug Whitted\My Documents\Tonya-Ad-01.pdf
[2009/07/27 14:05:00 | 00,028,971 | ---- | C] () -- C:\Documents and Settings\Doug Whitted\My Documents\Tonya-Ad.png
[2009/07/23 21:36:19 | 00,012,920 | ---- | C] () -- C:\Documents and Settings\Doug Whitted\My Documents\cc_20090723_213615.reg
[2009/07/18 02:44:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Doug Whitted\My Documents\Ely
[2009/07/17 15:01:06 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
[2009/07/09 17:51:23 | 00,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2008/09/14 12:01:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2008/08/15 15:54:37 | 00,055,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSIPDDP.SYS
[2008/07/19 13:47:28 | 00,006,656 | R--- | C] () -- C:\WINDOWS\System32\NmCoInst.dll
[2008/07/09 14:17:10 | 00,000,130 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2008/06/27 23:24:53 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/06/27 23:24:50 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/27 23:24:50 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/27 23:24:49 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/27 23:24:47 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/27 23:24:47 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/06/12 20:12:44 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/06/02 16:00:59 | 00,000,397 | ---- | C] () -- C:\WINDOWS\hpw9800k.ini
[2008/06/02 16:00:09 | 00,000,092 | ---- | C] () -- C:\WINDOWS\hpdj9800.ini
[2008/06/02 16:00:04 | 00,001,545 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2008/05/31 17:30:02 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/29 14:15:25 | 00,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/04/17 22:08:14 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2004/08/04 08:00:00 | 00,619,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntfs.sys
[2004/08/04 08:00:00 | 00,000,633 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/08/15 15:35:50 | 00,000,124 | ---- | M] () -- C:\Documents and Settings\Doug Whitted\Desktop\Serious problem Msword98.exe Malware.URL
[2009/08/15 15:33:07 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug Whitted\Desktop\OTL.exe
[2009/08/15 15:28:53 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/15 15:27:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/15 15:27:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/15 14:57:10 | 04,312,342 | -H-- | M] () -- C:\Documents and Settings\Doug Whitted\Local Settings\Application Data\IconCache.db
[2009/08/14 14:36:31 | 00,619,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntfs.sys
[2009/08/14 14:36:31 | 00,619,584 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2009/08/14 14:36:26 | 00,026,686 | ---- | M] () -- C:\WINDOWS\System32\msword98.exe
[2009/08/14 14:36:25 | 00,061,952 | ---- | M] (Heaventools Software) -- C:\WINDOWS\9129837.exe
[2009/08/14 14:31:38 | 00,000,633 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/14 14:31:38 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/14 14:31:38 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/14 09:10:42 | 00,003,026 | ---- | M] () -- C:\Documents and Settings\Doug Whitted\My Documents\cc_20090814_091031.reg
[2009/08/13 21:26:27 | 00,136,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/08/13 21:26:27 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/08/13 21:26:27 | 00,010,652 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/08/13 21:26:27 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/08/13 18:03:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/13 17:50:38 | 00,036,288 | ---- | M] () -- C:\Documents and Settings\Doug Whitted\My Documents\20387400_640X360.jpg
[2009/08/11 14:23:41 | 00,123,362 | ---- | M] () -- C:\Documents and Settings\Doug Whitted\My Documents\Winges-1967.jpg
[2009/08/08 16:58:42 | 00,065,250 | ---- | M] () -- C:\Documents and Settings\Doug Whitted\My Documents\6134_243578780407_805660407_7999248_3582047_n.jpg
[2009/08/08 12:59:05 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/05 05:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 05:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/04 01:45:24 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/03 23:17:00 | 00,000,958 | ---- | M] () -- C:\Documents and Settings\Doug Whitted\My Documents\cc_20090803_231654.reg
[2009/08/03 19:13:40 | 00,199,168 | ---- | M] () -- C:\Documents and Settings\Doug Whitted\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/02 19:28:05 | 00,034,631 | ---- | M] () -- C:\Documents and Settings\Doug Whitted\My Documents\columbus2.jpg
[2009/08/02 19:09:29 | 00,180,203 | ---- | M] () -- C:\Documents and Settings\Doug Whitted\My Documents\Applied-Knowledge-by-Language-Arts-Crew_vR8FNt3HJtMx_full.jpg
[2009/08/02 19:06:48 | 01,306,966 | ---- | M] () -- C:\Documents and Settings\Doug Whitted\My Documents\language-arts-quotes.jpg
[2009/08/02 19:05:41 | 04,431,159 | ---- | M] () -- C:\Documents and Settings\Doug Whitted\My Documents\language-arts-small-run.jpg
[2009/07/29 20:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/29 17:10:44 | 00,000,656 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\os084633.bin
[2009/07/27 18:27:12 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/07/27 14:40:31 | 00,001,901 | ---- | M] () -- C:\WINDOWS\panose.bin
[2009/07/27 14:14:02 | 00,027,305 | ---- | M] () -- C:\Documents and Settings\Doug Whitted\My Documents\Tonya-Ad-01.pdf
[2009/07/27 14:05:00 | 00,028,971 | ---- | M] () -- C:\Documents and Settings\Doug Whitted\My Documents\Tonya-Ad.png
[2009/07/23 21:36:22 | 00,012,920 | ---- | M] () -- C:\Documents and Settings\Doug Whitted\My Documents\cc_20090723_213615.reg
[2009/07/19 09:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 09:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/19 09:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 09:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/17 15:01:06 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
[2009/07/17 15:01:06 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\atl.dll

========== LOP Check ==========

[2009/07/07 14:04:11 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/06/14 17:14:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/06/04 19:26:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/06/07 21:34:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B41B7D90-E300-4788-BC2F-96501AB9788F}
[2008/06/25 16:04:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/06/23 17:45:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/06/07 21:26:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/08/29 13:11:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2008/06/08 11:16:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/06/12 16:33:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2009/01/31 15:33:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WORDsearch
[2008/09/25 19:55:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/08/14 14:34:11 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Doug Whitted\Application Data
[2009/04/24 11:55:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\Ahead
[2008/06/25 16:57:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\Autodesk
[2008/06/28 17:12:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\Azureus
[2009/05/21 19:17:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\Camfrog
[2008/12/17 23:31:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\COWON
[2008/06/27 21:10:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\DVD Flick
[2008/08/29 13:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\FileOpen
[2009/07/23 21:38:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\LimeWire
[2008/06/26 18:53:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\Musicmatch
[2009/08/14 19:26:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\Online Backup
[2009/06/14 21:26:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\Opera
[2009/06/17 13:29:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\U3
[2009/05/06 16:12:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\Vso
[2008/09/25 19:55:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug Whitted\Application Data\Zylom
[2009/08/13 18:03:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/15 15:27:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >



OTL Extras logfile created on: 8/15/2009 3:37:19 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Doug Whitted\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.58 Gb Available in Paging File | 89.50% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 120.93 Gb Free Space | 51.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 298.09 Gb Total Space | 215.06 Gb Free Space | 72.15% Space Free | Partition Type: NTFS

Computer Name: DOUGW
Current User Name: Doug Whitted
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"mW[־`=v%S8>grl>\=۱" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\DOCUME~1\DOUGWH~1\LOCALS~1\Temp\IXP000.TMP\SOUND_~1.EXE" = C:\DOCUME~1\DOUGWH~1\LOCALS~1\Temp\IXP000.TMP\SOUND_~1.EXE:*:Enabled:Windows Application Service -- File not found
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Disabled:MySpaceIM -- ()
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Disabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Disabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Disabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Disabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\MusicBrainz Picard\picard.exe" = C:\Program Files\MusicBrainz Picard\picard.exe:*:Disabled:The next generation MusicBrainz tagger -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3604E30B-DC8C-4B0F-861B-57C9A8363717}" = Mastercam X MR2 Design LT
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{4AA73F1C-D8F2-4324-B796-4BD82E07F52F}" = SoftPlan version 14 [C:\Program Files\SoftPlan14]
"{50A3038D-023D-4EBD-A899-1B84C048FE78}" = Learning Accounting Essentials 2008
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-000C-0409-0000-0060B0CE6BBA}" = Autodesk Architectural Desktop 3
"{5793D22D-E243-4434-9DFD-C4D78D6D13C1}" = FileOpen Plug-in for Adobe Acrobat and Acrobat Reader
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECB8220-F420-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008 (Plus Pack)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A9255718-8A40-45F9-B738-93655FBD4F6F}" = QuickBooks Online Backup
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC04D825-1FB6-44CA-8D2A-2A92E006F33B}" = SoftPlan version 14 [C:\Program Files\SoftPlan14-1]
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE33EC58-5DFB-4560-9D33-1E7942E0554F}" = HP Deskjet 9800
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}" = Symantec Endpoint Protection
"{FC5596C9-014B-4099-B855-F80FB9B39FC7}" = SAPI5
"1d1673c4-b865-9478-144c-fad57635bd8a" = Contextual Tool Precisead
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Video FX Utility" = Advanced Video FX Utility
"AnswerWorks" = AnswerWorks Runtime
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"CCleaner" = CCleaner (remove only)
"DVD Flick_is1" = DVD Flick
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.3.0
"getPlus®_dll" = getPlus®_dll
"hp Deskjet 9800 series" = HP Deskjet 9800 Series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{3604E30B-DC8C-4B0F-861B-57C9A8363717}" = Mastercam X MR2 Design LT
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.5 (Full)
"Learning Accounting Essentials 2008" = Learning Accounting Essentials 2008
"Legacy 7.0" = Legacy 7.0
"LegacyChart7_is1" = Legacy Charting 7.0
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MosChip Technology" = MosChip Multi-IO Controller
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MusicBrainz Picard" = MusicBrainz Picard 0.11
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Revo Uninstaller" = Revo Uninstaller 1.83
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"STANDARD" = Microsoft Office Standard 2007
"Tag&Rename_is1" = Tag&Rename 3.4.6
"uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.4f
"WIC" = Windows Imaging Component
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/15/2009 3:31:34 PM | Computer Name = DOUGW | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Hacktool.Rootkit in File: C:\WINDOWS\system32\dllcache\figaro.sys
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 8/15/2009 3:31:36 PM | Computer Name = DOUGW | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Hacktool.Rootkit in File: C:\WINDOWS\system32\dllcache\figaro.sys
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 8/15/2009 3:31:36 PM | Computer Name = DOUGW | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Packed.Generic.233 in File: C:\WINDOWS\system32\braviax.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 8/15/2009 3:31:40 PM | Computer Name = DOUGW | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Packed.Generic.233 in File: C:\WINDOWS\system32\braviax.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 8/15/2009 3:31:41 PM | Computer Name = DOUGW | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Packed.Generic.233 in File: C:\Documents and Settings\Doug
Whitted\Local Settings\Temp\BN5.tmp by: Auto-Protect scan. Action: Cleaned by
Deletion. Action Description: The file was deleted successfully.

Error - 8/15/2009 3:31:44 PM | Computer Name = DOUGW | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Packed.Generic.233 in File: C:\Documents and Settings\Doug
Whitted\Local Settings\Temp\BN5.tmp by: Auto-Protect scan. Action: Cleaned by
Deletion. Action Description: The file was deleted successfully.

Error - 8/15/2009 3:31:47 PM | Computer Name = DOUGW | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Packed.Generic.233 in File: C:\Documents and Settings\Doug
Whitted\Local Settings\Temp\BN4.tmp by: Auto-Protect scan. Action: Cleaned by
Deletion. Action Description: The file was deleted successfully.

Error - 8/15/2009 3:31:50 PM | Computer Name = DOUGW | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Packed.Generic.233 in File: C:\Documents and Settings\Doug
Whitted\Local Settings\Temp\BN4.tmp by: Auto-Protect scan. Action: Cleaned by
Deletion. Action Description: The file was deleted successfully.

Error - 8/15/2009 3:31:51 PM | Computer Name = DOUGW | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Packed.Generic.233 in File: C:\WINDOWS\Temp\BNB.tmp
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 8/15/2009 3:31:54 PM | Computer Name = DOUGW | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Packed.Generic.233 in File: C:\WINDOWS\Temp\BNB.tmp
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

[ System Events ]
Error - 8/14/2009 9:13:04 AM | Computer Name = DOUGW | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error - 8/14/2009 9:13:33 AM | Computer Name = DOUGW | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 8/14/2009 9:20:56 AM | Computer Name = DOUGW | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 8/14/2009 2:31:46 PM | Computer Name = DOUGW | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/14/2009 2:34:24 PM | Computer Name = DOUGW | Source = Service Control Manager | ID = 7000
Description = The SSIPDDP Parallel port device driver service failed to start due
to the following error: %%1332

Error - 8/14/2009 5:33:16 PM | Computer Name = DOUGW | Source = Service Control Manager | ID = 7000
Description = The SSIPDDP Parallel port device driver service failed to start due
to the following error: %%1332

Error - 8/15/2009 2:59:43 PM | Computer Name = DOUGW | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 8/15/2009 2:59:45 PM | Computer Name = DOUGW | Source = Service Control Manager | ID = 7000
Description = The SSIPDDP Parallel port device driver service failed to start due
to the following error: %%1332

Error - 8/15/2009 3:28:52 PM | Computer Name = DOUGW | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 8/15/2009 3:29:02 PM | Computer Name = DOUGW | Source = Service Control Manager | ID = 7000
Description = The SSIPDDP Parallel port device driver service failed to start due
to the following error: %%1332


< End of report >

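Three parts of the Extras log above are the ones a triager reads before deleting anything: the firewall-policy keys (StandardProfile has "EnableFirewall" = 0), the Authorized Applications list (an Enabled exception for SOUND_~1.EXE under a Temp\IXP000.TMP directory, labelled "Windows Application Service", whose binary no longer exists), and the last ten Application events (Auto-Protect deleting figaro.sys from system32\dllcache and braviax.exe from system32). The script below is an added example written for this thread; it is not OTL's output and not anything the poster or the helper ran. It walks a constructed excerpt of the log and flags exactly those three classes of finding. The excerpt, the flagging rules and the `triage` function are the example's own assumptions, not part of OTL.

```python
"""Triage an OTL "Extras" log: flag a disabled firewall profile, suspicious firewall
exceptions, and antivirus detection events. Added example, not OTL's own output."""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the Extras log posted above (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\DOCUME~1\DOUGWH~1\LOCALS~1\Temp\IXP000.TMP\SOUND_~1.EXE" = C:\DOCUME~1\DOUGWH~1\LOCALS~1\Temp\IXP000.TMP\SOUND_~1.EXE:*:Enabled:Windows Application Service -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.)

[ Application Events ]
Error - 8/15/2009 3:31:34 PM | Computer Name = DOUGW | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Hacktool.Rootkit in File: C:\WINDOWS\system32\dllcache\figaro.sys
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.
"""


@dataclass
class Finding:
    kind: str    # firewall_disabled | suspicious_exception | av_detection
    detail: str


_SECTION_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
# Tail of an XP firewall exception: <path>:*:Enabled:<label> -- <publisher or "File not found">
_EXCEPTION_RE = re.compile(r":\*:(Enabled|Disabled):(.*?) -- (.*)$", re.IGNORECASE)
# Symantec Auto-Protect event text, after the wrapped lines have been re-joined
_DETECTION_RE = re.compile(
    r"Security Risk Found!(?P<threat>\S+) in File: (?P<path>.+?) by: .*?Action: (?P<action>.+?)\.")


def _event_records(lines):
    """Re-join the wrapped 'Error - ...' event entries into one string per event."""
    current = []
    for line in lines:
        if line.startswith("Error - ") and current:
            yield " ".join(current)
            current = []
        if line.strip() == "":
            if current:
                yield " ".join(current)
                current = []
            continue
        if line.startswith("Error - ") or current:
            current.append(line.strip())
    if current:
        yield " ".join(current)


def triage(log_text):
    """Return the findings, in log order, for the registry sections, then the events."""
    findings = []
    section = ""
    lines = log_text.splitlines()
    for line in lines:
        m = _SECTION_RE.match(line.strip())
        if m:
            section = m.group(1)
            continue
        m = _VALUE_RE.match(line.strip())
        if not m:
            continue
        name, value = m.groups()
        if section.endswith("Profile") and name == "EnableFirewall" and value.strip() == "0":
            findings.append(Finding("firewall_disabled", section.rsplit("\\", 1)[-1]))
        elif section.endswith(r"AuthorizedApplications\List"):
            ex = _EXCEPTION_RE.search(value)
            if not ex:
                continue
            state, label, publisher = ex.groups()
            reasons = []
            if "file not found" in publisher.lower():
                reasons.append("binary missing")
            if re.search(r"\\temp\\", name, re.IGNORECASE):   # also matches 8.3 LOCALS~1\Temp\ paths
                reasons.append("runs from a Temp directory")
            if state.lower() == "enabled" and reasons:
                findings.append(Finding("suspicious_exception", f"{name} ({label}): " + ", ".join(reasons)))
    for record in _event_records(lines):
        d = _DETECTION_RE.search(record)
        if d:
            findings.append(Finding("av_detection", f"{d['threat']} at {d['path']} -> {d['action']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.kind, "|", f.detail)
```

Run it against a saved Extras.txt with `triage(open("Extras.txt").read())`. A disabled exception such as the Bonjour entry is left alone; the point is to surface the combination that matters here: a profile with the firewall off, an enabled hole for a binary that lived in Temp and has since been removed, and what the AV has already deleted.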
#9 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 15 August 2009 - 05:25 PM

Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste the file path into the box when you click on Browse; once you have done that, click on the Open button, then Submit.)

C:\WINDOWS\9129837.exe
C:\WINDOWS\System32\msword98.exe
C:\WINDOWS\Explorer.exe

Jotti File Scan
VirusTotal File Scan
This will produce a report after the scan is complete; please copy and paste those results in your next post.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

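Before uploading the three files kahdah names, it is worth recording what is actually at those paths: whether each one exists, its size and hashes (VirusTotal can be searched by hash, which avoids re-uploading a file that has already been analysed), whether it is really a PE executable, and, for Explorer.exe, whether the live copy still matches the Windows File Protection copy kept under System32\dllcache. The script below is an added example for this thread, not the helper's instructions and not a tool from the thread. So that it runs anywhere, it builds a constructed stand-in for C:\WINDOWS in a temporary directory; the fake file contents, the layout and the `triage_file` helper are its own assumptions.

```python
"""Pre-submission checks for files a helper asks to have scanned online.
Added example for this thread; not the helper's tooling or part of any scanner."""
import hashlib
import struct
import tempfile
from pathlib import Path


def file_digests(path):
    """Return (size, md5, sha256) for a file, read in 64 KiB chunks."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    size = 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            md5.update(chunk)
            sha.update(chunk)
            size += len(chunk)
    return size, md5.hexdigest(), sha.hexdigest()


def looks_like_pe(path):
    """True if the file has a DOS 'MZ' header and a 'PE\\0\\0' signature at e_lfanew."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        e_lfanew = struct.unpack_from("<I", head, 0x3C)[0]
        f.seek(e_lfanew)
        return f.read(4) == b"PE\0\0"


def triage_file(path, windir):
    """Existence, hashes, PE check and, where a copy exists under
    <windir>\\System32\\dllcache, whether the live file still matches it."""
    p = Path(path)
    report = {"path": str(p), "exists": p.is_file()}
    if not report["exists"]:
        return report
    size, md5, sha = file_digests(p)
    report.update(size=size, md5=md5, sha256=sha, pe=looks_like_pe(p))
    cache = Path(windir) / "System32" / "dllcache" / p.name
    if cache.is_file() and cache.resolve() != p.resolve():
        report["dllcache_match"] = file_digests(cache)[2] == sha
    return report


def pe_stub(payload):
    """Constructed minimal PE-shaped bytes: 'MZ' header with e_lfanew -> 'PE\\0\\0'."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    return bytes(dos) + b"PE\0\0" + payload


def build_demo_windir(root):
    """Constructed stand-in for C:\\WINDOWS holding the three paths from the post above."""
    cache_dir = root / "System32" / "dllcache"
    cache_dir.mkdir(parents=True)
    pristine = pe_stub(b"explorer")
    (cache_dir / "Explorer.exe").write_bytes(pristine)
    (root / "Explorer.exe").write_bytes(pristine + b"\x90\x90")  # live copy differs: "patched"
    (root / "System32" / "msword98.exe").write_bytes(b"not a PE at all")
    # C:\WINDOWS\9129837.exe is deliberately absent: "file not found" is itself a result
    return {
        "9129837.exe": root / "9129837.exe",
        "msword98.exe": root / "System32" / "msword98.exe",
        "Explorer.exe": root / "Explorer.exe",
    }


def run_demo():
    """Build the constructed layout in a temp dir and triage each candidate."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        return {name: triage_file(p, root) for name, p in build_demo_windir(root).items()}


if __name__ == "__main__":
    for name, rep in run_demo().items():
        print(name, rep)
```

On the real machine, call `triage_file(r"C:\WINDOWS\Explorer.exe", r"C:\WINDOWS")` and so on for each path. A dllcache mismatch is a signal worth reporting; a match is not a clean bill, because the event log in this thread shows Auto-Protect removing figaro.sys from that same dllcache directory, and anything that can write there can replace the cached copy as easily as the live one.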
#10 dbwhit

  • Topic Starter
  • Members
  • 42 posts

Posted 15 August 2009 - 05:54 PM

GMER 1.0.15.15020 [gpe48396.exe] - http://www.gmer.net
Rootkit scan 2009-08-15 18:53:06
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 8A8ACA90 ZwAlertResumeThread
SSDT 8A8AAC70 ZwAlertThread
SSDT 8AA39630 ZwConnectPort
SSDT 8A8C82F8 ZwCreateMutant
SSDT 8A8BF2B8 ZwFreeVirtualMemory
SSDT 8A8B1488 ZwImpersonateAnonymousToken
SSDT 8A8AE0B8 ZwImpersonateThread
SSDT 8A8BF1C0 ZwMapViewOfSection
SSDT 8A8B1628 ZwOpenEvent
SSDT 8A8A53D0 ZwOpenProcessToken
SSDT 8A8B9CD8 ZwOpenThreadToken
SSDT 8AA28B90 ZwResumeThread
SSDT 8A8A69D8 ZwSetContextThread
SSDT 8A8BBC08 ZwSetInformationProcess
SSDT 8A8B9770 ZwSetInformationThread
SSDT 8A8B2120 ZwSuspendProcess
SSDT 8A8AAAF8 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB6DC2DF0]
SSDT 8A8A9080 ZwTerminateThread
SSDT 8A8A5868 ZwUnmapViewOfSection

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[168] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B82F34
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[168] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B82EFF
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[168] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00B81C5E
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[168] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00B82C42
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[168] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00B82B78
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[168] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00B81B3C
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[168] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00B81BCD
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[168] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00B82DB4
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[168] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00B82D9A
.text C:\Program Files\Mozilla Firefox\firefox.exe[220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00152F34
.text C:\Program Files\Mozilla Firefox\firefox.exe[220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00152EFF
.text C:\Program Files\Mozilla Firefox\firefox.exe[220] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00151C5E
.text C:\Program Files\Mozilla Firefox\firefox.exe[220] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00152C42
.text C:\Program Files\Mozilla Firefox\firefox.exe[220] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00152B78
.text C:\Program Files\Mozilla Firefox\firefox.exe[220] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00151B3C
.text C:\Program Files\Mozilla Firefox\firefox.exe[220] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00151BCD
.text C:\Program Files\Mozilla Firefox\firefox.exe[220] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00152DB4
.text C:\Program Files\Mozilla Firefox\firefox.exe[220] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00152D9A
.text C:\WINDOWS\system32\svchost.exe[452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A62F34
.text C:\WINDOWS\system32\svchost.exe[452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A62EFF
.text C:\WINDOWS\system32\svchost.exe[452] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00A61C5E
.text C:\WINDOWS\system32\svchost.exe[452] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00A62C42
.text C:\WINDOWS\system32\svchost.exe[452] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00A62B78
.text C:\WINDOWS\system32\svchost.exe[452] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00A61B3C
.text C:\WINDOWS\system32\svchost.exe[452] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00A61BCD
.text C:\WINDOWS\system32\svchost.exe[452] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00A62DB4
.text C:\WINDOWS\system32\svchost.exe[452] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00A62D9A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0A392F34
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0A392EFF
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[464] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 0A391C5E
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[464] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 0A392C42
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[464] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 0A392B78
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[464] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 0A391B3C
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[464] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 0A391BCD
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[464] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 0A392DB4
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[464] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 0A392D9A
.text C:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01382F34
.text C:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01382EFF
.text C:\WINDOWS\system32\winlogon.exe[740] WININET.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 01381C5E
.text C:\WINDOWS\system32\winlogon.exe[740] WININET.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 01382C42
.text C:\WINDOWS\system32\winlogon.exe[740] WININET.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 01382B78
.text C:\WINDOWS\system32\winlogon.exe[740] WININET.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 01381B3C
.text C:\WINDOWS\system32\winlogon.exe[740] WININET.dll!HttpSendRequestW 3D960845 5 Bytes JMP 01381BCD
.text C:\WINDOWS\system32\winlogon.exe[740] WININET.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 01382DB4
.text C:\WINDOWS\system32\winlogon.exe[740] WININET.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 01382D9A
.text C:\WINDOWS\system32\svchost.exe[752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00802F34
.text C:\WINDOWS\system32\svchost.exe[752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00802EFF
.text C:\WINDOWS\system32\svchost.exe[752] WININET.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00801C5E
.text C:\WINDOWS\system32\svchost.exe[752] WININET.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00802C42
.text C:\WINDOWS\system32\svchost.exe[752] WININET.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00802B78
.text C:\WINDOWS\system32\svchost.exe[752] WININET.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00801B3C
.text C:\WINDOWS\system32\svchost.exe[752] WININET.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00801BCD
.text C:\WINDOWS\system32\svchost.exe[752] WININET.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00802DB4
.text C:\WINDOWS\system32\svchost.exe[752] WININET.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00802D9A
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00062F34
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00062EFF
.text C:\WINDOWS\system32\services.exe[788] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00061C5E
.text C:\WINDOWS\system32\services.exe[788] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00062C42
.text C:\WINDOWS\system32\services.exe[788] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00062B78
.text C:\WINDOWS\system32\services.exe[788] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00061B3C
.text C:\WINDOWS\system32\services.exe[788] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00061BCD
.text C:\WINDOWS\system32\services.exe[788] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00062DB4
.text C:\WINDOWS\system32\services.exe[788] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00062D9A
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00062F34
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00062EFF
.text C:\WINDOWS\system32\lsass.exe[800] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00061C5E
.text C:\WINDOWS\system32\lsass.exe[800] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00062C42
.text C:\WINDOWS\system32\lsass.exe[800] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00062B78
.text C:\WINDOWS\system32\lsass.exe[800] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00061B3C
.text C:\WINDOWS\system32\lsass.exe[800] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00061BCD
.text C:\WINDOWS\system32\lsass.exe[800] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00062DB4
.text C:\WINDOWS\system32\lsass.exe[800] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00062D9A
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 027B2F34
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 027B2EFF
.text C:\WINDOWS\system32\svchost.exe[952] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 027B1C5E
.text C:\WINDOWS\system32\svchost.exe[952] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 027B2C42
.text C:\WINDOWS\system32\svchost.exe[952] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 027B2B78
.text C:\WINDOWS\system32\svchost.exe[952] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 027B1B3C
.text C:\WINDOWS\system32\svchost.exe[952] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 027B1BCD
.text C:\WINDOWS\system32\svchost.exe[952] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 027B2DB4
.text C:\WINDOWS\system32\svchost.exe[952] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 027B2D9A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD2F34
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[992] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD2EFF
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[992] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00AD1C5E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[992] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00AD2C42
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[992] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00AD2B78
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[992] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00AD1B3C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[992] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00AD1BCD
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[992] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00AD2DB4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[992] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00AD2D9A
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B12F34
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B12EFF
.text C:\WINDOWS\system32\svchost.exe[1040] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00B11C5E
.text C:\WINDOWS\system32\svchost.exe[1040] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00B12C42
.text C:\WINDOWS\system32\svchost.exe[1040] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00B12B78
.text C:\WINDOWS\system32\svchost.exe[1040] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00B11B3C
.text C:\WINDOWS\system32\svchost.exe[1040] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00B11BCD
.text C:\WINDOWS\system32\svchost.exe[1040] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00B12DB4
.text C:\WINDOWS\system32\svchost.exe[1040] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00B12D9A
.text C:\WINDOWS\system32\cidaemon.exe[1084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00092F34
.text C:\WINDOWS\system32\cidaemon.exe[1084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00092EFF
.text C:\WINDOWS\system32\cidaemon.exe[1084] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00091C5E
.text C:\WINDOWS\system32\cidaemon.exe[1084] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00092C42
.text C:\WINDOWS\system32\cidaemon.exe[1084] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00092B78
.text C:\WINDOWS\system32\cidaemon.exe[1084] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00091B3C
.text C:\WINDOWS\system32\cidaemon.exe[1084] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00091BCD
.text C:\WINDOWS\system32\cidaemon.exe[1084] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00092DB4
.text C:\WINDOWS\system32\cidaemon.exe[1084] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00092D9A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00832F34
.text C:\Program Files\Bonjour\mDNSResponder.exe[1092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00832EFF
.text C:\Program Files\Bonjour\mDNSResponder.exe[1092] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00831C5E
.text C:\Program Files\Bonjour\mDNSResponder.exe[1092] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00832C42
.text C:\Program Files\Bonjour\mDNSResponder.exe[1092] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00832B78
.text C:\Program Files\Bonjour\mDNSResponder.exe[1092] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00831B3C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1092] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00831BCD
.text C:\Program Files\Bonjour\mDNSResponder.exe[1092] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00832DB4
.text C:\Program Files\Bonjour\mDNSResponder.exe[1092] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00832D9A
.text C:\WINDOWS\system32\cisvc.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006D2F34
.text C:\WINDOWS\system32\cisvc.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006D2EFF
.text C:\WINDOWS\system32\cisvc.exe[1136] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 006D1C5E
.text C:\WINDOWS\system32\cisvc.exe[1136] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 006D2C42
.text C:\WINDOWS\system32\cisvc.exe[1136] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 006D2B78
.text C:\WINDOWS\system32\cisvc.exe[1136] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 006D1B3C
.text C:\WINDOWS\system32\cisvc.exe[1136] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 006D1BCD
.text C:\WINDOWS\system32\cisvc.exe[1136] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 006D2DB4
.text C:\WINDOWS\system32\cisvc.exe[1136] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 006D2D9A
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02652F34
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02652EFF
.text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 02651C5E
.text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 02652C42
.text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 02652B78
.text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 02651B3C
.text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!HttpSendRequestW 3D960845 5 Bytes JMP 02651BCD
.text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 02652DB4
.text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 02652D9A
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1192] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00552F34
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1192] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00552EFF
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1192] WININET.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00551C5E
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1192] WININET.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00552C42
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1192] WININET.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00552B78
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1192] WININET.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00551B3C
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1192] WININET.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00551BCD
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1192] WININET.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00552DB4
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1192] WININET.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00552D9A
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00292F34
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00292EFF
.text C:\WINDOWS\system32\svchost.exe[1344] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00291C5E
.text C:\WINDOWS\system32\svchost.exe[1344] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00292C42
.text C:\WINDOWS\system32\svchost.exe[1344] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00292B78
.text C:\WINDOWS\system32\svchost.exe[1344] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00291B3C
.text C:\WINDOWS\system32\svchost.exe[1344] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00291BCD
.text C:\WINDOWS\system32\svchost.exe[1344] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00292DB4
.text C:\WINDOWS\system32\svchost.exe[1344] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00292D9A
? C:\WINDOWS\system32\svchost.exe[1400] image checksum mismatch; time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00082F34
.text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00082EFF
.text C:\WINDOWS\system32\svchost.exe[1400] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00081C5E
.text C:\WINDOWS\system32\svchost.exe[1400] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00082C42
.text C:\WINDOWS\system32\svchost.exe[1400] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00082B78
.text C:\WINDOWS\system32\svchost.exe[1400] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00081B3C
.text C:\WINDOWS\system32\svchost.exe[1400] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00081BCD
.text C:\WINDOWS\system32\svchost.exe[1400] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00082DB4
.text C:\WINDOWS\system32\svchost.exe[1400] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00082D9A
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03A32F34
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03A32EFF
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1428] WININET.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 03A31C5E
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1428] WININET.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 03A32C42
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1428] WININET.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 03A32B78
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1428] WININET.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 03A31B3C
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1428] WININET.dll!HttpSendRequestW 3D960845 5 Bytes JMP 03A31BCD
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1428] WININET.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 03A32DB4
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1428] WININET.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 03A32D9A
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00682F34
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00682EFF
.text C:\WINDOWS\system32\svchost.exe[1460] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00681C5E
.text C:\WINDOWS\system32\svchost.exe[1460] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00682C42
.text C:\WINDOWS\system32\svchost.exe[1460] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00682B78
.text C:\WINDOWS\system32\svchost.exe[1460] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00681B3C
.text C:\WINDOWS\system32\svchost.exe[1460] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00681BCD
.text C:\WINDOWS\system32\svchost.exe[1460] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00682DB4
.text C:\WINDOWS\system32\svchost.exe[1460] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00682D9A
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CC2F34
.text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CC2EFF
.text C:\WINDOWS\system32\svchost.exe[1516] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00CC1C5E
.text C:\WINDOWS\system32\svchost.exe[1516] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00CC2C42
.text C:\WINDOWS\system32\svchost.exe[1516] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00CC2B78
.text C:\WINDOWS\system32\svchost.exe[1516] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00CC1B3C
.text C:\WINDOWS\system32\svchost.exe[1516] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00CC1BCD
.text C:\WINDOWS\system32\svchost.exe[1516] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00CC2DB4
.text C:\WINDOWS\system32\svchost.exe[1516] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00CC2D9A
.text C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007B2F34
.text C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007B2EFF
.text C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 007B1C5E
.text C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 007B2C42
.text C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 007B2B78
.text C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 007B1B3C
.text C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 007B1BCD
.text C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 007B2DB4
.text C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 007B2D9A
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01282F34
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01282EFF
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1632] WININET.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 01281C5E
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1632] WININET.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 01282C42
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1632] WININET.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 01282B78
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1632] WININET.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 01281B3C
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1632] WININET.dll!HttpSendRequestW 3D960845 5 Bytes JMP 01281BCD
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1632] WININET.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 01282DB4
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1632] WININET.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 01282D9A
.text C:\WINDOWS\system32\nvsvc32.exe[1832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F02F34
.text C:\WINDOWS\system32\nvsvc32.exe[1832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F02EFF
.text C:\WINDOWS\system32\nvsvc32.exe[1832] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00F01C5E
.text C:\WINDOWS\system32\nvsvc32.exe[1832] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00F02C42
.text C:\WINDOWS\system32\nvsvc32.exe[1832] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00F02B78
.text C:\WINDOWS\system32\nvsvc32.exe[1832] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00F01B3C
.text C:\WINDOWS\system32\nvsvc32.exe[1832] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00F01BCD
.text C:\WINDOWS\system32\nvsvc32.exe[1832] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00F02DB4
.text C:\WINDOWS\system32\nvsvc32.exe[1832] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00F02D9A
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B12F34
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B12EFF
.text C:\WINDOWS\system32\spoolsv.exe[1868] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00B11C5E
.text C:\WINDOWS\system32\spoolsv.exe[1868] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00B12C42
.text C:\WINDOWS\system32\spoolsv.exe[1868] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00B12B78
.text C:\WINDOWS\system32\spoolsv.exe[1868] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00B11B3C
.text C:\WINDOWS\system32\spoolsv.exe[1868] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00B11BCD
.text C:\WINDOWS\system32\spoolsv.exe[1868] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00B12DB4
.text C:\WINDOWS\system32\spoolsv.exe[1868] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00B12D9A
? C:\WINDOWS\System32\svchost.exe[2256] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00082F34
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00082EFF
.text C:\WINDOWS\System32\svchost.exe[2256] WININET.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00081C5E
.text C:\WINDOWS\System32\svchost.exe[2256] WININET.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00082C42
.text C:\WINDOWS\System32\svchost.exe[2256] WININET.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00082B78
.text C:\WINDOWS\System32\svchost.exe[2256] WININET.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00081B3C
.text C:\WINDOWS\System32\svchost.exe[2256] WININET.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00081BCD
.text C:\WINDOWS\System32\svchost.exe[2256] WININET.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00082DB4
.text C:\WINDOWS\System32\svchost.exe[2256] WININET.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00082D9A
? C:\WINDOWS\System32\svchost.exe[2492] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00082F34
.text C:\WINDOWS\System32\svchost.exe[2492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00082EFF
.text C:\WINDOWS\System32\svchost.exe[2492] WININET.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00081C5E
.text C:\WINDOWS\System32\svchost.exe[2492] WININET.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00082C42
.text C:\WINDOWS\System32\svchost.exe[2492] WININET.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00082B78
.text C:\WINDOWS\System32\svchost.exe[2492] WININET.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00081B3C
.text C:\WINDOWS\System32\svchost.exe[2492] WININET.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00081BCD
.text C:\WINDOWS\System32\svchost.exe[2492] WININET.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00082DB4
.text C:\WINDOWS\System32\svchost.exe[2492] WININET.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00082D9A
.text C:\WINDOWS\stsystra.exe[2572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009E2F34
.text C:\WINDOWS\stsystra.exe[2572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009E2EFF
.text C:\WINDOWS\stsystra.exe[2572] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 009E1C5E
.text C:\WINDOWS\stsystra.exe[2572] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 009E2C42
.text C:\WINDOWS\stsystra.exe[2572] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 009E2B78
.text C:\WINDOWS\stsystra.exe[2572] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 009E1B3C
.text C:\WINDOWS\stsystra.exe[2572] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 009E1BCD
.text C:\WINDOWS\stsystra.exe[2572] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 009E2DB4
.text C:\WINDOWS\stsystra.exe[2572] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 009E2D9A
.text C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe[2592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B02F34
.text C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe[2592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B02EFF
.text C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe[2592] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00B01C5E
.text C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe[2592] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00B02C42
.text C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe[2592] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00B02B78
.text C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe[2592] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00B01B3C
.text C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe[2592] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00B01BCD
.text C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe[2592] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00B02DB4
.text C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe[2592] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00B02D9A
.text C:\WINDOWS\system32\msword98.exe[2652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A2F34
.text C:\WINDOWS\system32\msword98.exe[2652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A2EFF
.text C:\WINDOWS\system32\msword98.exe[2652] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 003A1C5E
.text C:\WINDOWS\system32\msword98.exe[2652] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 003A2C42
.text C:\WINDOWS\system32\msword98.exe[2652] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 003A2B78
.text C:\WINDOWS\system32\msword98.exe[2652] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 003A1B3C
.text C:\WINDOWS\system32\msword98.exe[2652] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 003A1BCD
.text C:\WINDOWS\system32\msword98.exe[2652] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 003A2DB4
.text C:\WINDOWS\system32\msword98.exe[2652] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 003A2D9A
? C:\WINDOWS\System32\svchost.exe[2664] image checksum mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[2664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00812F34
.text C:\WINDOWS\System32\svchost.exe[2664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00812EFF
.text C:\WINDOWS\System32\svchost.exe[2664] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00811C5E
.text C:\WINDOWS\System32\svchost.exe[2664] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00812C42
.text C:\WINDOWS\System32\svchost.exe[2664] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00812B78
.text C:\WINDOWS\System32\svchost.exe[2664] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00811B3C
.text C:\WINDOWS\System32\svchost.exe[2664] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00811BCD
.text C:\WINDOWS\System32\svchost.exe[2664] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00812DB4
.text C:\WINDOWS\System32\svchost.exe[2664] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00812D9A
.text C:\Program Files\QuickBooks Online Backup\OnlineBackup.exe[2792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003F2F34
.text C:\Program Files\QuickBooks Online Backup\OnlineBackup.exe[2792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003F2EFF
.text C:\Program Files\QuickBooks Online Backup\OnlineBackup.exe[2792] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 003F1C5E
.text C:\Program Files\QuickBooks Online Backup\OnlineBackup.exe[2792] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 003F2C42
.text C:\Program Files\QuickBooks Online Backup\OnlineBackup.exe[2792] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 003F2B78
.text C:\Program Files\QuickBooks Online Backup\OnlineBackup.exe[2792] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 003F1B3C
.text C:\Program Files\QuickBooks Online Backup\OnlineBackup.exe[2792] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 003F1BCD
.text C:\Program Files\QuickBooks Online Backup\OnlineBackup.exe[2792] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 003F2DB4
.text C:\Program Files\QuickBooks Online Backup\OnlineBackup.exe[2792] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 003F2D9A
.text C:\Documents and Settings\Doug Whitted\msword98.exe[2852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A2F34
.text C:\Documents and Settings\Doug Whitted\msword98.exe[2852] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A2EFF
.text C:\Documents and Settings\Doug Whitted\msword98.exe[2852] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 003A1C5E
.text C:\Documents and Settings\Doug Whitted\msword98.exe[2852] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 003A2C42
.text C:\Documents and Settings\Doug Whitted\msword98.exe[2852] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 003A2B78
.text C:\Documents and Settings\Doug Whitted\msword98.exe[2852] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 003A1B3C
.text C:\Documents and Settings\Doug Whitted\msword98.exe[2852] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 003A1BCD
.text C:\Documents and Settings\Doug Whitted\msword98.exe[2852] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 003A2DB4
.text C:\Documents and Settings\Doug Whitted\msword98.exe[2852] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 003A2D9A
? C:\WINDOWS\System32\svchost.exe[2924] image checksum mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[2924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00812F34
.text C:\WINDOWS\System32\svchost.exe[2924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00812EFF
.text C:\WINDOWS\System32\svchost.exe[2924] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00811C5E
.text C:\WINDOWS\System32\svchost.exe[2924] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00812C42
.text C:\WINDOWS\System32\svchost.exe[2924] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00812B78
.text C:\WINDOWS\System32\svchost.exe[2924] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00811B3C
.text C:\WINDOWS\System32\svchost.exe[2924] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00811BCD
.text C:\WINDOWS\System32\svchost.exe[2924] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00812DB4
.text C:\WINDOWS\System32\svchost.exe[2924] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00812D9A
.text C:\Documents and Settings\Doug Whitted\Desktop\gpe48396.exe[2980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00152F34
.text C:\Documents and Settings\Doug Whitted\Desktop\gpe48396.exe[2980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00152EFF
.text C:\Documents and Settings\Doug Whitted\Desktop\gpe48396.exe[2980] wininet.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00151C5E
.text C:\Documents and Settings\Doug Whitted\Desktop\gpe48396.exe[2980] wininet.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00152C42
.text C:\Documents and Settings\Doug Whitted\Desktop\gpe48396.exe[2980] wininet.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00152B78
.text C:\Documents and Settings\Doug Whitted\Desktop\gpe48396.exe[2980] wininet.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00151B3C
.text C:\Documents and Settings\Doug Whitted\Desktop\gpe48396.exe[2980] wininet.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00151BCD
.text C:\Documents and Settings\Doug Whitted\Desktop\gpe48396.exe[2980] wininet.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00152DB4
.text C:\Documents and Settings\Doug Whitted\Desktop\gpe48396.exe[2980] wininet.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00152D9A
.text C:\WINDOWS\Explorer.EXE[3172] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 017F2F34
.text C:\WINDOWS\Explorer.EXE[3172] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 017F2EFF
.text C:\WINDOWS\Explorer.EXE[3172] WININET.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 017F1C5E
.text C:\WINDOWS\Explorer.EXE[3172] WININET.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 017F2C42
.text C:\WINDOWS\Explorer.EXE[3172] WININET.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 017F2B78
.text C:\WINDOWS\Explorer.EXE[3172] WININET.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 017F1B3C
.text C:\WINDOWS\Explorer.EXE[3172] WININET.dll!HttpSendRequestW 3D960845 5 Bytes JMP 017F1BCD
.text C:\WINDOWS\Explorer.EXE[3172] WININET.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 017F2DB4
.text C:\WINDOWS\Explorer.EXE[3172] WININET.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 017F2D9A
? C:\WINDOWS\System32\svchost.exe[3880] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll
.text C:\WINDOWS\System32\svchost.exe[3880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00082F34
.text C:\WINDOWS\System32\svchost.exe[3880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00082EFF
.text C:\WINDOWS\System32\svchost.exe[3880] WININET.dll!InternetCloseHandle 3D93DA71 5 Bytes JMP 00081C5E
.text C:\WINDOWS\System32\svchost.exe[3880] WININET.dll!InternetReadFile 3D94ABCC 5 Bytes JMP 00082C42
.text C:\WINDOWS\System32\svchost.exe[3880] WININET.dll!InternetQueryDataAvailable 3D94AE0D 5 Bytes JMP 00082B78
.text C:\WINDOWS\System32\svchost.exe[3880] WININET.dll!HttpSendRequestA 3D94CD50 5 Bytes JMP 00081B3C
.text C:\WINDOWS\System32\svchost.exe[3880] WININET.dll!HttpSendRequestW 3D960845 5 Bytes JMP 00081BCD
.text C:\WINDOWS\System32\svchost.exe[3880] WININET.dll!InternetReadFileExW 3D963F18 5 Bytes JMP 00082DB4
.text C:\WINDOWS\System32\svchost.exe[3880] WININET.dll!InternetReadFileExA 3D963F50 5 Bytes JMP 00082D9A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00045B01
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00045B01
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00045A4D
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 000459E8
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 000459B6
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00045B01
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcA] 0004947D
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!EndPaint] 0004941E
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!BeginPaint] 000493C1
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00046062
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcW] 00049448
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00045DBA
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0004947D
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00049448
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00046062
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0004941E
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 000493C1
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!DefWindowProcA] 0004947D
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00045DBA
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00049448
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00046062
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00045B01
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00045A4D
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 000459E8
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 000459B6
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00045A4D
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00045B01
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00045A4D
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 000459E8
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00045DBA
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00049448
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00046062
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0004947D
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0004941E
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 000493C1
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00046062
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00049448
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00045DBA
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0004947D
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00049448
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00046062
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0004941E
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 000493C1
IAT C:\WINDOWS\system32\lsass.exe[800] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!DefWindowProcA] 0004947D
IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00D959B6
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00AF5B01
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00AF5A4D
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00AF59E8
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00AF59B6
IAT C:\WINDOWS\system32\svchost.exe[1040] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00AF5B01
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00AF5DBA
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00AF9448
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00AF6062
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcA] 00AF947D
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!EndPaint] 00AF941E
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!BeginPaint] 00AF93C1
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00AF6062
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcW] 00AF9448
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00AF5DBA
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 00AF947D
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00AF9448
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00AF6062
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 00AF941E
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 00AF93C1
IAT C:\WINDOWS\system32\svchost.exe[1040] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!DefWindowProcA] 00AF947D
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 030B5B01
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 030B5A4D
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 030B59E8
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 030B59B6
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 030B5DBA
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 030B9448
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 030B6062
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 030B947D
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 030B9448
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 030B6062
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 030B941E
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 030B93C1
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcA] 030B947D
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!EndPaint] 030B941E
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!BeginPaint] 030B93C1
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 030B6062
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcW] 030B9448
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 030B5DBA
IAT C:\WINDOWS\System32\svchost.exe[1172] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 030B5B01
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] 030B947D
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00275B01
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00275A4D
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 002759E8
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 002759B6
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcA] 0027947D
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!EndPaint] 0027941E
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!BeginPaint] 002793C1
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00276062
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcW] 00279448
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00275DBA
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0027947D
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00279448
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00276062
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0027941E
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 002793C1
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!DefWindowProcA] 0027947D
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00275B01
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00275DBA
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00279448
IAT C:\WINDOWS\system32\svchost.exe[1344] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00276062
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 81EC8B55
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 000208EC
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 57565300
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 01B1C033
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 000100BE
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] D1B60F00
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] F8158488
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 8AFFFFFE
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 80E280D1
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] F8058C88
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 40FFFFFD
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] D21ADAF6
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] E280D98A
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 32DB021B
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] B60F0040
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] 18E2C1D1
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] D18A1089
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 8380E280
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] DAF604C0
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] E280D21A
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 32C9021B
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] 6A000040
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] C9335B63
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] 94B81D89
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 0F410040
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] F80D84B6
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] 8DFFFFFE
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] FFFEF795
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 8AD02BFF
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] D0C28A12
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] D0D032C0
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] D0D032C0
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] D0D032C0
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 32C232C0
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] C0B60FC3
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] B88D0489
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetTickCount] 89004094
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] C4E0850C
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 3B410040
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 33C47CCE
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] 00FFBFC9
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 918A0000
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] [004094B8] C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] 8024C28A
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] C01AD8F6
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] C332DB02
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] 8AF0B60F
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] 40C4E099
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] D2B60F00
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] E0C1C68B
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] C1C23308
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] C23308E0
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 3308E0C1
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] 89C233C6
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 40C0E081
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 08C8C100
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] BCE08189
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] C8C10040
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] E0818908
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] C10040B8
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] 818908C8
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] [0040B4E0] C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] 2674DB84
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 0395B60F
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] 0FFFFFFF
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] FEF80584
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] C203FFFF
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] F7F78B99
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 84B60FFE
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] FFFDF815
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] FC4589FF
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 658304EB
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] DB8400FC
IAT C:\WINDOWS\system32\svchost.exe[1400] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] B60F2674
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00795B01
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00795A4D
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 007959E8
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 007959B6
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00795B01
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0079947D
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00799448
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00796062
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0079941E
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 007993C1
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0079947D
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0079941E
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 007993C1
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00796062
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00799448
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00795DBA
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00795DBA
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00799448
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00796062
IAT C:\Program Files\Maxtor\Sync\SyncServices.exe[1592] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!DefWindowProcA] 0079947D
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DDF00C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DFC238] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [76F3689B] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [76F34C42] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [76F25AD3] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77F1EF1C] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80A530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C838A3C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C80D302] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C801D7B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C80BE56] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C812FBD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C81127A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C80E9DF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C809BE7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C80EABB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C81CB12] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C80C0F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C81CB3B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C82FC08] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C830D7C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C809AA9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C809EA1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C80BB41] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C90FE21] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C80934A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C810E27] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C810C2E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C821982] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C80AC61] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C812C56] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C9100C4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C919BA0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C809F19] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C802530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C8024B7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C809B12] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C8650C8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C865C7F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C8104CC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C802213] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C801E1A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C80236B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C834D71] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C814B92] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C801A28] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C810BBC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C8350EF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C80BEA1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C814F8A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C80176F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C80A4C7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C801812] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C810B17] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C831EDD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C80AA6C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C80FCCF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C809C98] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C812847] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C8099B5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C812F16] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C92ABC5] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C809AF1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C809B84] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C80B56F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C812FD9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00085B01
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00085A4D
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 000859E8
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 000859B6
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00085DBA
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] 00089448
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00086062
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] 0008947D
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] 00089448
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00086062
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndPaint] 0008941E
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!BeginPaint] 000893C1
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] 0008947D
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndPaint] 0008941E
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!BeginPaint] 000893C1
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00086062
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] 00089448
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00085DBA
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!DefWindowProcA] 0008947D
IAT C:\WINDOWS\system32\wuauclt.exe[2344] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00085B01
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DDF00C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DFC238] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [76F3689B] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [76F34C42] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [76F25AD3] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77F1EF1C] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 00000000
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80A530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C838A3C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C80D302] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C801D7B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C80BE56] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C812FBD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C81127A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C80E9DF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C809BE7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C80EABB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C81CB12] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C80C0F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C81CB3B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C82FC08] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C830D7C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C809AA9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C809EA1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C80BB41] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C90FE21] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C80934A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C810E27] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C810C2E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C821982] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C80AC61] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C812C56] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C9100C4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C919BA0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C809F19] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C802530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C8024B7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C809B12] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C8650C8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C865C7F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C8104CC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C802213] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C801E1A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C80236B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C834D71] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C814B92] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C801A28] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C810BBC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C8350EF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C80BEA1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C814F8A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C80176F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C80A4C7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C801812] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C810B17] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C831EDD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C80AA6C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C80FCCF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C809C98] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C812847] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C8099B5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C812F16] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C92ABC5] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C809AF1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C809B84] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C80B56F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2492] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C812FD9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 64C03356
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 000030A1
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 0C408B00
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] AD1C708B
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 5E08408B
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] CCCCCCC3
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] CCCCCCCC
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] CCCCCCCC
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 53EC8B55
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 558B5756
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 8BDA8B08
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] FA033C7A
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 503F8166
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 03547545
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] FCFA03F2
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 0C6D8B55
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 96C203AD
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 3351FD87
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0FC180C9
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 0C72A6F3
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] FD875996
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 8166EEC5
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 2BEEB6EE
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] EBFE2BF1
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 66C033E3
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] E0C1078B
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 1C738B02
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] F003F203
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 5DC203AD
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 5D5B5E5F
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] CCCCCCC3
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] CCCCCCCC
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] CCCCCCCC
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] CCCCCCCC
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 83EC8B55
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 60A134EC
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] 53700062
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 45895756
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] FF4AE8FC
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 2C68FFFF
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 50700051
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] E8E44589
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] FFFFFF5C
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 51200D8B
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 158B7000
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] A1DC4589
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7000511C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] A0EC4589
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [70005128] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 8908C483
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 5589F04D
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] F84588F4
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 50EC458D
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 50E4458B
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 89DC55FF
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 558BCC45
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 3C4A8B08
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 80118C8B
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 03000000
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 04418BCA
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 4D89C085
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 8B0B75E0
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] C0850C41
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 00A2840F
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 018B0000
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] C203103C
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] FF85F203
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 89D44589
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 840FE475
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 00000080
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 83FFCE83
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] FF85FFCB
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] F78B0A79
IAT C:\WINDOWS\System32\svchost.exe[2664] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] FFFFE681
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 64C03356
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 000030A1
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 0C408B00
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] AD1C708B
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 5E08408B
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] CCCCCCC3
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] CCCCCCCC
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] CCCCCCCC
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 53EC8B55
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 558B5756
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 8BDA8B08
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] FA033C7A
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 503F8166
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 03547545
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] FCFA03F2
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 0C6D8B55
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 96C203AD
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 3351FD87
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0FC180C9
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 0C72A6F3
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] FD875996
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 8166EEC5
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 2BEEB6EE
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] EBFE2BF1
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 66C033E3
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] E0C1078B
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 1C738B02
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] F003F203
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 5DC203AD
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 5D5B5E5F
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] CCCCCCC3
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] CCCCCCCC
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] CCCCCCCC
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] CCCCCCCC
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 83EC8B55
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 60A134EC
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] 53700062
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 45895756
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] FF4AE8FC
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 2C68FFFF
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 50700051
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] E8E44589
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] FFFFFF5C
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 51200D8B
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 158B7000
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] A1DC4589
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7000511C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] A0EC4589
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [70005128] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 8908C483
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 5589F04D
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] F84588F4
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 50EC458D
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 50E4458B
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 89DC55FF
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 558BCC45
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 3C4A8B08
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 80118C8B
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 03000000
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 04418BCA
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 4D89C085
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 8B0B75E0
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] C0850C41
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 00A2840F
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 018B0000
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] C203103C
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] FF85F203
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 89D44589
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 840FE475
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 00000080
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 83FFCE83
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] FF85FFCB
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] F78B0A79
IAT C:\WINDOWS\System32\svchost.exe[2924] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] FFFFE681
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DDF00C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DFC238] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [76F3689B] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [76F34C42] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [76F25AD3] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77F1EF1C] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80A530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C838A3C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C80D302] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C801D7B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C80BE56] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C812FBD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C81127A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C80E9DF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C809BE7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C80EABB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C81CB12] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C80C0F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C81CB3B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C82FC08] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C830D7C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C809AA9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C809EA1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C80BB41] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C90FE21] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C80934A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C810E27] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C810C2E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C821982] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C80AC61] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C812C56] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C9100C4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C919BA0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C809F19] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C802530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C8024B7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C809B12] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C8650C8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C865C7F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C8104CC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C802213] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C801E1A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C80236B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C834D71] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C814B92] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C801A28] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C810BBC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C8350EF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C80BEA1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C814F8A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C80176F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C80A4C7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C801812] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C810B17] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C831EDD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C80AA6C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C80FCCF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C809C98] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C812847] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C8099B5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C812F16] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C92ABC5] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C809AF1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C809B84] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C80B56F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3880] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C812FD9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs [8AAF9E01] Ntfs.sys[.reloc]
Device \FileSystem\Ntfs \Ntfs [8AB140E5] Ntfs.sys[.reloc]

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\Fastfat \Fat B3A6CD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6156A32A-C512-4E23-AA9A-2315F4265681}\iexplore@Type 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6156A32A-C512-4E23-AA9A-2315F4265681}\iexplore@Flags 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6156A32A-C512-4E23-AA9A-2315F4265681}\iexplore@Count 5
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{994B5FB4-0103-44A6-B6B3-C73572B362BC}\iexplore@Type 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{994B5FB4-0103-44A6-B6B3-C73572B362BC}\iexplore@Flags 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{994B5FB4-0103-44A6-B6B3-C73572B362BC}\iexplore@Count 42
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BCA95E31-1FBF-4F84-8F23-1BA653007A1E}\iexplore@Type 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BCA95E31-1FBF-4F84-8F23-1BA653007A1E}\iexplore@Flags 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BCA95E31-1FBF-4F84-8F23-1BA653007A1E}\iexplore@Count 1

---- EOF - GMER 1.0.15 ----

#11 dbwhit

dbwhit
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:12:58 PM

Posted 15 August 2009 - 07:57 PM

Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste the file path into the box when you click on Browse then once you have done that click on the open button then submit)

C:\WINDOWS\9129837.exe
C:\WINDOWS\System32\msword98.exe
C:\WINDOWS\Explorer.exe
Jotti File Scan
VirusTotal File Scan
This will produce a report after the scan is complete, please copy and paste those results in your next post.



Sorry, I failed to see your post after I posted the GMER scan results @ 6:54 PM. I tried using Jotti's scan; the results are below:
C:\WINDOWS\9129837.exe 'Status: File is empty (0 bytes)'
C:\WINDOWS\System32\msword98.exe 'Status: File is empty (0 bytes)'

C:\WINDOWS\Explorer.exe

Jotti's malware scan
This file has been scanned before. The results for this previous scan are listed below.


Filename: explorer.exe
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Wed 12 Aug 2009 23:47:12 (CET) Permalink

Additional info
File size: 1033728 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 12896823fb95bfb3dc9b46bcaedc9923
SHA1: 9d2bf84874abc5b6e9a2744b7865c193c08d362f




Scanners
[ArcaVir]
2009-08-12 Found nothing
[G DATA]
2009-08-12 Found nothing
[A-Squared]
2009-08-12 Found nothing
[Ikarus]
2009-08-12 Found nothing
[Avast! antivirus]
2009-08-12 Found nothing
[Kaspersky Anti-Virus]
2009-08-12 Found nothing
[Grisoft AVG Anti-Virus]
2009-08-12 Found nothing
[ESET NOD32]
2009-08-12 Found nothing
[Avira AntiVir]
2009-08-12 Found nothing
[Norman Virus Control]
2009-08-12 Found nothing
[Softwin BitDefender]
2009-08-10 Found nothing
[Panda Antivirus]
2009-08-12 Found nothing
[ClamAV]
2009-08-12 Found nothing
[Quick Heal]
2009-08-12 Found nothing
[CPsecure]
2009-08-12 Found nothing
[Sophos]
2009-08-12 Found nothing
[Dr.Web]
2009-08-12 Found nothing
[VirusBlokAda VBA32]
2009-08-11 Found nothing
[Frisk F-Prot Antivirus]
2009-08-12 Found nothing
[VirusBuster]
2009-08-12 Found nothing
[F-Secure Anti-Virus]
2009-08-12 Found nothing

#12 dbwhit

dbwhit
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:12:58 PM

Posted 15 August 2009 - 08:51 PM

Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste the file path into the box when you click on Browse then once you have done that click on the open button then submit)

C:\WINDOWS\9129837.exe
C:\WINDOWS\System32\msword98.exe
C:\WINDOWS\Explorer.exe
Jotti File Scan
VirusTotal File Scan
This will produce a report after the scan is complete, please copy and paste those results in your next post.



Sorry, I failed to see your post after I posted the GMER scan results @ 6:54 PM. I tried using Jotti's scan; the results are below:
C:\WINDOWS\9129837.exe 'Status: File is empty (0 bytes)'
C:\WINDOWS\System32\msword98.exe 'Status: File is empty (0 bytes)'

C:\WINDOWS\Explorer.exe

Jotti's malware scan
This file has been scanned before. The results for this previous scan are listed below.


Filename: explorer.exe
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Wed 12 Aug 2009 23:47:12 (CET) Permalink

Additional info
File size: 1033728 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 12896823fb95bfb3dc9b46bcaedc9923
SHA1: 9d2bf84874abc5b6e9a2744b7865c193c08d362f




Scanners
[ArcaVir]
2009-08-12 Found nothing
[G DATA]
2009-08-12 Found nothing
[A-Squared]
2009-08-12 Found nothing
[Ikarus]
2009-08-12 Found nothing
[Avast! antivirus]
2009-08-12 Found nothing
[Kaspersky Anti-Virus]
2009-08-12 Found nothing
[Grisoft AVG Anti-Virus]
2009-08-12 Found nothing
[ESET NOD32]
2009-08-12 Found nothing
[Avira AntiVir]
2009-08-12 Found nothing
[Norman Virus Control]
2009-08-12 Found nothing
[Softwin BitDefender]
2009-08-10 Found nothing
[Panda Antivirus]
2009-08-12 Found nothing
[ClamAV]
2009-08-12 Found nothing
[Quick Heal]
2009-08-12 Found nothing
[CPsecure]
2009-08-12 Found nothing
[Sophos]
2009-08-12 Found nothing
[Dr.Web]
2009-08-12 Found nothing
[VirusBlokAda VBA32]
2009-08-11 Found nothing
[Frisk F-Prot Antivirus]
2009-08-12 Found nothing
[VirusBuster]
2009-08-12 Found nothing
[F-Secure Anti-Virus]
2009-08-12 Found nothing



Now, I'm not sure if this is relevant, but the 2 files, 9129837.exe & msword98.exe, have a small file size. Their sizes are listed as follows:
C:\WINDOWS\9129837.exe (60.5KB)
C:\WINDOWS\System32\msword98.exe (26.0KB)
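The two posts above record a useful discrepancy: the directory listing shows 60.5 KB and 26.0 KB for the two files, yet the upload to the online scanner read 0 bytes for each. The thread does not establish why the read came back empty, but the mismatch itself is worth capturing alongside the hashes that the scanner report lists (MD5, SHA1). The script below is an added example, not something posted in the thread or part of Jotti or OTL: it compares the size in the directory entry with the bytes a plain read actually returns and hashes whatever was readable. The sample file, its name and the injectable `reader` used to reproduce the empty-read case are all constructed for the demonstration.

```python
"""Added example (not from the thread): check whether a file can be read in
full and hash the bytes actually read, the same fields (size, MD5, SHA1) an
online scanner report shows. A directory entry that lists N bytes while a
normal read returns 0 is a finding in its own right."""
import hashlib
import os
import tempfile


def hash_bytes(data: bytes) -> dict:
    """MD5 and SHA1 of the bytes that were actually read."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


def read_all(path: str) -> bytes:
    """Plain user-mode read, the same kind of access a browser upload uses."""
    with open(path, "rb") as fh:
        return fh.read()


def triage_file(path: str, reader=read_all) -> dict:
    """Compare the size the directory entry reports with the bytes a read
    returns, then hash whatever was readable.

    `reader` is injectable (an assumption of this example) so the mismatch
    case, directory says N bytes but the read returns nothing, can be
    reproduced without a system that actually blocks the read."""
    listed_size = os.stat(path).st_size
    data = reader(path)
    result = {
        "path": path,
        "listed_size": listed_size,
        "bytes_read": len(data),
        "read_mismatch": len(data) != listed_size,
    }
    result.update(hash_bytes(data))
    return result


def summarize(results: list) -> list:
    """One report line per file; anything not readable in full is flagged."""
    lines = []
    for r in results:
        if r["read_mismatch"]:
            status = "MISMATCH: directory lists %d bytes, read returned %d" % (
                r["listed_size"], r["bytes_read"])
        else:
            status = "OK"
        lines.append("%s  size=%d  md5=%s  sha1=%s  [%s]" % (
            r["path"], r["listed_size"], r["md5"], r["sha1"], status))
    return lines


if __name__ == "__main__":
    # Constructed sample: a stub "executable" in a temporary directory.
    # The file name is borrowed from the thread; the contents are not real.
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "msword98.exe")
        with open(sample, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 1022)
        normal = triage_file(sample)
        # Reproduce what the upload saw: a read that returns no bytes.
        blocked = triage_file(sample, reader=lambda p: b"")
        for line in summarize([normal, blocked]):
            print(line)
```

When a file reports a mismatch, record both numbers and the hash of the empty read (the MD5 of zero bytes is always d41d8cd98f00b204e9800998ecf8427e, so an online report showing that value is a sign the scanner never saw the file contents), and try the read again from a boot environment where the running system's drivers are not loaded.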


#13 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:58 PM

Posted 16 August 2009 - 07:51 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    PRC - C:\WINDOWS\System32\msword98.exe ()
    PRC - C:\WINDOWS\9129837.exe (Heaventools Software)
    PRC - C:\Documents and Settings\Doug Whitted\msword98.exe ()
    O4 - HKLM..\Run: [braviax] File not found
    O4 - HKLM..\Run: [msword98] C:\WINDOWS\System32\msword98.exe ()
    O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
    O4 - HKCU..\Run: [braviax] File not found
    O4 - HKCU..\Run: [msword98] C:\Documents and Settings\Doug Whitted\msword98.exe ()
    O4 - HKCU..\Run: [ttool] C:\WINDOWS\9129837.exe (Heaventools Software)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe ()
    O32 - AutoRun File - [2009/06/10 17:22:37 | 00,000,055 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
    2009/08/15 15:28:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\lowsec
    [2009/08/14 14:36:27 | 00,061,952 | ---- | C] (Heaventools Software) -- C:\WINDOWS\9129837.exe
    [2009/08/14 14:36:26 | 00,026,686 | ---- | C] () -- C:\WINDOWS\System32\msword98.exe
    
    :files
    C:\msword98.exe /s
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one Notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#14 dbwhit

  • Topic Starter
  • Members
  • 42 posts

Posted 16 August 2009 - 12:50 PM

Ok...OTL ran w/ the provided settings, but when it rebooted it froze. I left it in the reboot phase for approx. 1 hr. Did a manual reboot (held the pwr button in for 5 sec.); when Windows loaded I was prompted to run OTL & it provided the log below.

MALWAREBYTES - As mentioned earlier, I already had Malwarebytes installed. Thinking that you were wanting a fresh install, I downloaded & reinstalled over the existing one. When it was complete & the reboot was performed, OTL was prompted to run? Malwarebytes log posted below the OTL log.

OTL RESULT LOG

All processes killed
========== OTL ==========
No active process named msword98.exe was found!
No active process named 9129837.exe was found!
No active process named msword98.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\braviax deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msword98 not found.
File C:\WINDOWS\System32\msword98.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\braviax deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msword98 not found.
File C:\Documents and Settings\Doug Whitted\msword98.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ttool not found.
File C:\WINDOWS\9129837.exe not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe scheduled to be deleted on reboot.
File C:\WINDOWS\System32\sdra64.exe not found.
J:\autorun.inf moved successfully.
File C:\WINDOWS\9129837.exe not found.
File C:\WINDOWS\System32\msword98.exe not found.
========== FILES ==========
File\Folder C:\msword98.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 14071802 bytes
->Temporary Internet Files folder emptied: 1015570 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Doug Whitted
->Temp folder emptied: 4217907 bytes
File delete failed. C:\Documents and Settings\Doug Whitted\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 2751278 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 116749953 bytes
->Apple Safari cache emptied: 0 bytes

User: End User

User: Guest
->Temp folder emptied: 3859 bytes
->Temporary Internet Files folder emptied: 487749 bytes
->FireFox cache emptied: 17444536 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1488789 bytes

User: tristan
->Temp folder emptied: 368136139 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 4823645 bytes
->FireFox cache emptied: 82807567 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1f5b4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wpv111250194459.exe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wpv991250109698.exe scheduled to be deleted on reboot.
Windows Temp folder emptied: 2376506 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 590.01 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08162009_121914

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_1f5b4.dat moved successfully.
File\Folder C:\WINDOWS\temp\wpv111250194459.exe not found!
File\Folder C:\WINDOWS\temp\wpv991250109698.exe not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe scheduled to be deleted on reboot.

MALWAREBYTES RESULT LOG

Malwarebytes' Anti-Malware 1.40
Database version: 2635
Windows 5.1.2600 Service Pack 3

8/16/2009 2:08:41 PM
mbam-log-2009-08-16 (14-08-41).txt

Scan type: Quick Scan
Objects scanned: 118896
Time elapsed: 4 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bca95e31-1fbf-4f84-8f23-1ba653007a1e} (Adware.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{994b5fb4-0103-44a6-b6b3-c73572b362bc} (Adware.BHO) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msword98 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msword98 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Doug Whitted\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doug Whitted\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doug Whitted\Start Menu\Programs\Startup\ikowin32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Edited by dbwhit, 16 August 2009 - 01:27 PM.
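
The two logs above show the persistence spots this fix targeted: the Winlogon Userinit value with sdra64.exe appended after the real userinit.exe (MBAM's Hijack.Userinit line), Run-key entries in both HKLM and HKCU, and the same msword98.exe registered from two different folders. As an added example that is not part of this thread, OTL or MBAM, the Python below audits a `reg export` of those keys for exactly those patterns. The .reg text is constructed from the paths in the logs (the Symantec ccApp entry is a made-up benign entry to show what is not flagged); the rule set, the function names and the fixed XP paths C:\WINDOWS and C:\Documents and Settings are assumptions for the example, and file-existence checks like OTL's "File not found" need the live system and are not attempted here.

```python
"""Audit exported Windows autostart keys for the persistence patterns seen in
the OTL/MBAM logs: extra Userinit executables, Run entries dropped straight
into %SystemRoot% or a profile root, and one binary registered from two places.
Added example, not code from the thread or from OTL/MBAM."""
import re
from typing import Dict, List, Tuple

# Assumed XP-era locations (the thread's machine); adjust for other systems.
SYSTEM_ROOT = r"C:\WINDOWS"
PROFILE_ROOT = r"C:\Documents and Settings"
EXPECTED_USERINIT = SYSTEM_ROOT.lower() + r"\system32\userinit.exe"
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed sample: what `reg export` of the relevant keys could have looked
# like on the machine in the thread. Paths are taken from the logs; the ccApp
# entry is an invented benign autostart so the rules have something to pass.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\sdra64.exe,"
"Shell"="Explorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msword98"="C:\\WINDOWS\\System32\\msword98.exe"
"Regedit32"="C:\\WINDOWS\\System32\\regedit.exe"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ttool"="C:\\WINDOWS\\9129837.exe"
"msword98"="C:\\Documents and Settings\\Doug Whitted\\msword98.exe"
'''


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal parser for REG_SZ values in a .reg export: {key: {name: data}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if m and current is not None:
            # .reg escapes backslashes and quotes; undo that.
            keys[current][m.group(1)] = m.group(2).replace("\\\\", "\\").replace('\\"', '"')
    return keys


def check_userinit(value: str) -> List[str]:
    """Userinit is comma-separated (a trailing comma is normal). Anything other
    than the genuine userinit.exe runs at every logon and is returned here."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != EXPECTED_USERINIT]


def _dirname(path: str) -> str:
    return path.rsplit("\\", 1)[0] if "\\" in path else ""


def suspicious_run_entries(run_values: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Flag Run targets sitting directly in %SystemRoot% or in the root of a
    user profile; real autostarts live in an application's own folder.
    Assumes bare paths as data (no arguments), as in the logs."""
    findings = []
    for name, target in run_values.items():
        exe = target.strip('"')
        d = _dirname(exe).lower()
        if d == SYSTEM_ROOT.lower():
            findings.append((name, exe, "executable directly in %SystemRoot%"))
        elif d.startswith(PROFILE_ROOT.lower() + "\\") and d.count("\\") == PROFILE_ROOT.count("\\") + 1:
            findings.append((name, exe, "executable in the root of a user profile"))
    return findings


def duplicate_basenames(run_values: Dict[str, str]) -> Dict[str, List[str]]:
    """Same file name registered from more than one folder (msword98.exe in
    System32 and in the profile) is a copy-yourself-around pattern."""
    by_name: Dict[str, set] = {}
    for target in run_values.values():
        exe = target.strip('"')
        by_name.setdefault(exe.rsplit("\\", 1)[-1].lower(), set()).add(exe)
    return {n: sorted(p) for n, p in by_name.items() if len(p) > 1}


def audit(reg_text: str) -> Dict[str, object]:
    """Run all three checks over a .reg export and return the findings."""
    keys = parse_reg_export(reg_text)
    report: Dict[str, object] = {"userinit_extras": [], "run_location": [], "run_duplicates": {}}
    winlogon = keys.get(WINLOGON_KEY, {})
    if "Userinit" in winlogon:
        report["userinit_extras"] = check_userinit(winlogon["Userinit"])
    # Merge every ...\CurrentVersion\Run key (HKLM, HKCU, HKU\...) into one map.
    all_run: Dict[str, str] = {}
    for key, values in keys.items():
        if key.lower().endswith(r"\currentversion\run"):
            for name, target in values.items():
                all_run[key + "\\" + name] = target
    report["run_location"] = suspicious_run_entries(all_run)
    report["run_duplicates"] = duplicate_basenames(all_run)
    return report


if __name__ == "__main__":
    for section, items in audit(SAMPLE_REG).items():
        print(section, "->", items)
```

On the constructed sample this reports sdra64.exe as the Userinit extra, flags 9129837.exe (directly in C:\WINDOWS) and the profile-root msword98.exe by location, and reports msword98.exe as registered from two folders, while the ccApp and System32 entries pass the location rules. Note that the System32 copy of msword98.exe is only caught by the duplicate rule: a name-based heuristic cannot tell a dropped file in System32 from a legitimate one, which is why the OTL fix names the file paths explicitly rather than relying on patterns.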


#15 kahdah

  • Security Colleague

Posted 16 August 2009 - 01:35 PM

Ok looks better please do the following:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post that log in your next reply.
(Note: if you cannot open the log it produces, right-click on it, choose Rename, and rename it to .txt; you will then be able to open it.)




