
my computers and network are infected by something bad!


  • This topic is locked
10 replies to this topic

#1 budigans

  • Members

Posted 07 November 2009 - 03:12 PM

I have something that puts three porn icons on my desktop and changes multiple files. I am not able to get anti virus updates or go to any site that could help me. I have re-installed my OS 3 times and as soon as I connect to the internet the virus pops up again. I have wiped the computer and connected to a brand new router and still have the virus. I removed ram and motherboard battery before reinstall of OS. Virus also crossed over to all computers on my network. Reinstall was done with one computer and router to prevent possible cross contamination.


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2002/01/09 22:37
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xBAAEB000 Size: 90112 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF799F000 Size: 8192 File Visible: No Signed: -
Status: -

Name: pxtdqpow.sys
Image Path: C:\DOCUME~1\gela\LOCALS~1\Temp\pxtdqpow.sys
Address: 0xB9664000 Size: 87040 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\System32\drivers\rootrepeal.sys
Address: 0xB994E000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Prefetch\ROOTREPEAL.EXE-21D5AA49.pf
Status: Visible to the Windows API, but not on disk.

==EOF==



DDS (Ver_09-10-26.01) - NTFSx86
Run by gela at 22:35:00.73 on Wed 01/09/2002
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1535.1134 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Rundll32.exe
svchost.exe C:\WINDOWS\TEMP\VRT12.tmp
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\gela\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://join.clonecashsystem.com/track/NjU1ODMuMjYuMzEuMzUuMC4wLjAuMC4w
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [Protection System] c:\program files\protection system\psystem.exe
uRun: [Security Center] c:\windows\sc.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mExplorerRun: [exec] c:\windows\fonts\services.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: c:\windows\system32\kbdnet.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gela\applic~1\mozilla\firefox\profiles\w1etkkgw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 12800]
S2 fastnetsrv;fastnetsrv Service;c:\windows\system32\FastNetSrv.exe [2003-3-31 67584]

=============== Created Last 30 ================

2002-08-29 03:41:32 286720 ----a-w- c:\windows\system32\msh263.drv
2002-08-29 03:41:20 264704 ----a-w- c:\windows\system32\wzcsvc.dll
2002-08-29 03:41:20 23552 ----a-w- c:\windows\system32\wzcsapi.dll
2002-08-29 03:41:10 31744 ----a-w- c:\windows\system32\pid.dll
2002-08-29 02:13:42 131712 ----a-w- c:\windows\system32\drivers\ks.sys
2002-08-29 01:35:44 9856 ----a-w- c:\windows\system32\drivers\tunmp.sys
2002-08-29 01:35:42 12288 ----a-w- c:\windows\system32\drivers\ndisuio.sys
2002-08-29 01:33:32 57984 ----a-w- c:\windows\system32\drivers\nic1394.sys
2002-08-29 01:33:30 57344 ----a-w- c:\windows\system32\drivers\arp1394.sys
2002-08-29 01:33:16 24448 ----a-w- c:\windows\system32\drivers\sonydcam.sys
2002-08-29 01:32:56 15232 ----a-w- c:\windows\system32\drivers\usbintel.sys
2002-08-29 01:32:34 44416 ----a-w- c:\windows\system32\drivers\stream.sys
2002-08-29 01:27:32 76032 ----a-w- c:\windows\system32\drivers\parport.sys
2002-08-29 01:27:02 22016 ----a-w- c:\windows\system32\drivers\mouclass.sys
2002-08-29 01:05:08 32512 ----a-w- c:\windows\system32\drivers\amdk7.sys
2002-08-29 01:05:08 31488 ----a-w- c:\windows\system32\drivers\crusoe.sys
2002-08-29 01:05:06 37504 ----a-w- c:\windows\system32\drivers\p3.sys
2002-08-29 01:05:06 32000 ----a-w- c:\windows\system32\drivers\amdk6.sys
2002-08-29 01:05:06 30592 ----a-w- c:\windows\system32\drivers\processr.sys
2002-08-29 01:04:56 1920512 ----a-w- c:\windows\system32\ntkrnlpa.exe
2002-01-09 05:01:17 0 d-s---w- c:\documents and settings\gela\UserData
2002-01-09 04:40:38 350 ----a-w- c:\windows\system32\uses32.dat
2002-01-09 04:40:38 100 ----a-w- c:\windows\system32\flags.ini
2002-01-09 04:27:11 62496 ----a-w- c:\windows\system32\MSWINSCK.OCX
2002-01-09 04:27:11 258048 ----a-w- c:\windows\system32\5613779.exe
2002-01-09 03:56:45 0 d-----w- c:\program files\Protection System
2002-01-09 03:51:55 0 d-----w- c:\windows\pss
2002-01-08 20:15:10 0 d-sh--w- c:\windows\Installer
2002-01-08 12:08:36 0 d-sh--w- c:\documents and settings\all users\DRM
2002-01-08 12:06:26 0 d-----w- c:\program files\common files\MSSoap
2002-01-08 12:04:46 0 d--h--w- c:\program files\WindowsUpdate
2002-01-08 12:04:46 0 d-----w- c:\program files\Online Services
2002-01-08 12:04:37 0 d-----w- c:\program files\Messenger
2002-01-08 12:04:30 0 d-----w- c:\program files\MSN Gaming Zone
2002-01-08 12:03:27 0 d-----w- c:\program files\Windows NT
2002-01-08 06:37:50 0 d-----w- c:\program files\common files\ODBC
2002-01-08 06:37:47 0 d-----w- c:\program files\common files\SpeechEngines
2002-01-08 06:37:20 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-10-17 22:34:00 483328 ----a-w- c:\windows\system32\nvunrm.exe
2009-10-17 22:34:00 483328 ----a-r- c:\windows\system32\nvuninst.exe
2008-02-19 13:43:00 199168 ----a-r- c:\windows\system32\fdco1ins.dll
2008-02-19 13:43:00 199168 ----a-r- c:\windows\system32\fdco1.dll
2008-01-29 08:07:00 950272 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2008-01-29 08:07:00 54016 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2008-01-29 08:07:00 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2008-01-29 08:06:00 9216 ----a-r- c:\windows\system32\bdco1ins.dll
2008-01-29 08:06:00 9216 ----a-r- c:\windows\system32\bdco1.dll
2008-01-29 07:43:00 35840 ----a-r- c:\windows\system32\nvconrm.dll
2008-01-17 01:47:00 3948 ----a-r- c:\windows\system32\drivers\nvphy.bin
2002-08-29 08:46:42 38024 ----a-w- c:\windows\system32\drivers\termdd.sys
2002-08-29 06:06:36 182400 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2002-08-29 03:41:18 71168 ----a-w- c:\windows\system32\storprop.dll
2002-08-29 01:27:46 56576 ----a-w- c:\windows\system32\drivers\redbook.sys
2002-01-09 04:41:32 382976 ----a-w- c:\windows\sc.exe
2002-01-08 12:05:24 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 22:35:05.29 ===============



#2 Blade

  • Site Admin

Posted 12 November 2009 - 04:10 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 budigans

  • Topic Starter

Posted 12 November 2009 - 06:41 PM

DDS (Ver_09-10-26.01) - NTFSx86
Run by gela at 2:10:35.50 on Tue 01/15/2002
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1535.1204 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\earcm.exe
svchost.exe
C:\WINDOWS\System32\ciloy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\sc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\DOCUME~1\gela\LOCALS~1\Temp\4179643.exe
C:\WINDOWS\System32\Sveran.exe
C:\DOCUME~1\gela\LOCALS~1\Temp\4325044.exe
C:\WINDOWS\TEMP\VRT2.tmp
C:\WINDOWS\System32\lsm32.sys
C:\WINDOWS\TEMP\VRT4.tmp
C:\WINDOWS\System32\Rundll32.exe
svchost.exe C:\WINDOWS\TEMP\VRT5.tmp
C:\WINDOWS\isvchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Documents and Settings\gela\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.webweb123.com
mStart Page = hxxp://www.webweb123.com
uWindows: load=c:\windows\fonts\services.exe
uWindows: run=c:\windows\fonts\services.exe
BHO: 工程1.IE360: {c5aa3460-d54c-4131-8e3c-5f3ec9446bd5} - c:\windows\system32\QingYL.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [Security Center] c:\windows\sc.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [msnmager] c:\windows\system32\rundll32.exe c:\windows\temp\faccgg.dll,Set1
mRun: [ctfmon] RUNDLL32.EXE c:\windows\system32\fgjk4wvb.dll,w
mExplorerRun: [exec] c:\windows\fonts\services.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: c:\windows\system32\rdolib.dll
mASetup: {43fR72BA-R2h9-13R1-bRbf-eaKfR836gWl5} - %SystemRoot%\system32\winnt.exe
mASetup: {43fz72BA-z2h9-13Y1-bYbf-eaKfY836gYl5} - %SystemRoot%\system32\332.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gela\applic~1\mozilla\firefox\profiles\w1etkkgw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 12800]
R2 Description;服务托管 Internet 密钥交换(IKE)和身份验证 Internet 协议(AuthIP)键控模块。;c:\windows\system32\earcm.exe [2002-1-14 38912]
R2 Iprip;MicroSoft Protected Network;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 12800]
R2 NationalSer1.5;National Instruments Domain Service1.5;c:\windows\system32\ciloy.exe [2002-1-14 55296]
S2 fastnetsrv;fastnetsrv Service;c:\windows\system32\FastNetSrv.exe [2003-3-31 67072]
S2 Nationalbbs;Nationalkjj Instruments Domain Service;c:\windows\system32\ssyqsw.exe [2002-1-14 97792]
S2 NetLogin;Net Login;c:\windows\svchost.exe [2002-1-14 1169408]
S3 daqdrv;daqdrv;c:\windows\system32\daqdrv.sys [2003-3-31 2304]

=============== Created Last 30 ================

2009-01-16 23:24:20 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2008-12-04 14:28:20 24344 ----a-w- c:\windows\system32\PhysXDevice.dll
2008-11-26 13:55:02 288024 ----a-w- c:\windows\system32\PhysXCplUI.exe
2008-11-25 13:38:10 288024 ----a-w- c:\windows\system32\PhysXCompatCplUI.exe
2008-11-25 13:38:08 214296 ----a-w- c:\windows\system32\PhysX.cpl
2008-10-07 14:13:30 197912 ----a-w- c:\windows\system32\physxcudart_20.dll
2008-10-07 14:13:22 58648 ----a-w- c:\windows\system32\AgCPanelTraditionalChinese.dll
2008-10-07 14:13:20 58648 ----a-w- c:\windows\system32\AgCPanelSwedish.dll
2008-10-07 14:13:20 58648 ----a-w- c:\windows\system32\AgCPanelSpanish.dll
2008-10-07 14:13:20 58648 ----a-w- c:\windows\system32\AgCPanelSimplifiedChinese.dll
2008-10-07 14:13:20 58648 ----a-w- c:\windows\system32\AgCPanelPortugese.dll
2008-10-07 14:13:20 58648 ----a-w- c:\windows\system32\AgCPanelKorean.dll
2008-10-07 14:13:20 58648 ----a-w- c:\windows\system32\AgCPanelJapanese.dll
2008-10-07 14:13:20 58648 ----a-w- c:\windows\system32\AgCPanelGerman.dll
2008-10-07 14:13:20 58648 ----a-w- c:\windows\system32\AgCPanelFrench.dll
2004-08-18 01:00:00 73728 ---h--w- c:\windows\system32\Ipripex.dll
2002-08-29 03:41:32 286720 ----a-w- c:\windows\system32\msh263.drv
2002-08-29 03:41:20 264704 ----a-w- c:\windows\system32\wzcsvc.dll
2002-08-29 03:41:20 23552 ----a-w- c:\windows\system32\wzcsapi.dll
2002-08-29 03:41:10 31744 ----a-w- c:\windows\system32\pid.dll
2002-08-29 02:13:42 131712 ----a-w- c:\windows\system32\drivers\ks.sys
2002-08-29 01:35:44 9856 ----a-w- c:\windows\system32\drivers\tunmp.sys
2002-08-29 01:35:42 12288 ----a-w- c:\windows\system32\drivers\ndisuio.sys
2002-08-29 01:33:32 57984 ----a-w- c:\windows\system32\drivers\nic1394.sys
2002-08-29 01:33:30 57344 ----a-w- c:\windows\system32\drivers\arp1394.sys
2002-08-29 01:33:16 24448 ----a-w- c:\windows\system32\drivers\sonydcam.sys
2002-08-29 01:32:56 15232 ----a-w- c:\windows\system32\drivers\usbintel.sys
2002-08-29 01:32:34 44416 ----a-w- c:\windows\system32\drivers\stream.sys
2002-08-29 01:27:32 76032 ----a-w- c:\windows\system32\drivers\parport.sys
2002-08-29 01:27:02 22016 ----a-w- c:\windows\system32\drivers\mouclass.sys
2002-08-29 01:05:08 32512 ----a-w- c:\windows\system32\drivers\amdk7.sys
2002-08-29 01:05:08 31488 ----a-w- c:\windows\system32\drivers\crusoe.sys
2002-08-29 01:05:06 37504 ----a-w- c:\windows\system32\drivers\p3.sys
2002-08-29 01:05:06 32000 ----a-w- c:\windows\system32\drivers\amdk6.sys
2002-08-29 01:05:06 30592 ----a-w- c:\windows\system32\drivers\processr.sys
2002-08-29 01:04:56 1920512 ----a-w- c:\windows\system32\ntkrnlpa.exe
2002-01-15 07:10:09 88576 ----a-w- c:\windows\system32\8.tmp
2002-01-15 07:10:08 44 ----a-w- c:\windows\system32\7.tmp
2002-01-15 07:10:06 61440 ----a-w- c:\windows\system32\fgjk4wvb.dll
2002-01-15 07:10:03 868 ----a-w- c:\windows\system32\9439355.exe
2002-01-14 22:00:48 38912 ----a-w- c:\windows\system32\earcm.exe
2002-01-14 20:41:48 88576 ----a-w- c:\windows\system32\6.tmp
2002-01-14 20:41:47 44 ----a-w- c:\windows\system32\5.tmp
2002-01-14 12:15:30 55296 ----a-w- c:\windows\system32\ciloy.exe
2002-01-14 12:12:13 0 d-----w- c:\program files\Yahoo!
2002-01-14 07:38:24 0 d-----w- c:\windows\system32\AGEIA
2002-01-14 07:28:13 0 d-----w- c:\program files\common files\Wise Installation Wizard
2002-01-14 07:27:19 210919 ----a-w- c:\windows\system32\nvapps.xml
2002-01-14 07:27:19 0 d-----w- c:\windows\nview
2002-01-14 07:27:18 453152 ----a-w- c:\windows\system32\nvudisp.exe
2002-01-14 07:27:18 18795 ----a-w- c:\windows\system32\nvdisp.nvu
2002-01-14 07:26:41 97792 ----a-w- c:\windows\system32\ssyqsw.exe
2002-01-14 07:26:39 6144 ----a-w- c:\windows\system32\WinRAR.dll
2002-01-14 07:26:38 58368 ----a-w- c:\windows\system32\332.exe
2002-01-14 07:26:37 152 ----a-w- c:\windows\system32\api.reg
2002-01-14 07:26:36 40960 ----a-w- c:\windows\system32\rass32.exe
2002-01-14 07:26:34 32768 ----a-w- c:\windows\system32\QingYL.dll
2002-01-14 07:26:33 58880 ----a-w- c:\windows\system32\winnt.exe
2002-01-14 07:26:33 28160 ----a-w- c:\windows\system32\Sveran.exe
2002-01-14 07:26:32 48640 --sha-r- c:\windows\system32\W1NL0g0.exe
2002-01-14 07:26:05 309212 ----a-w- c:\windows\sv1.exe
2002-01-14 07:26:02 0 d-----w- C:\NVIDIA
2002-01-14 07:25:46 745950 ----a-w- c:\windows\svchust.exe
2002-01-14 07:25:29 1169408 ----a-w- c:\windows\svchost.exe
2002-01-14 07:25:18 601050 ----a-w- c:\windows\isvchost.exe
2002-01-14 07:25:17 0 ----a-w- c:\windows\system32\4.tmp
2002-01-14 07:25:15 88576 ----a-w- c:\windows\system32\3.tmp
2002-01-14 07:25:15 44 ----a-w- c:\windows\system32\2.tmp
2002-01-14 07:22:28 0 d-s---w- c:\windows\system32\Microsoft
2002-01-09 05:01:17 0 d-s---w- c:\documents and settings\gela\UserData
2002-01-09 04:40:38 348 ----a-w- c:\windows\system32\uses32.dat
2002-01-09 04:40:38 100 ----a-w- c:\windows\system32\flags.ini
2002-01-09 04:27:11 62496 ----a-w- c:\windows\system32\MSWINSCK.OCX
2002-01-09 04:27:11 258048 ----a-w- c:\windows\system32\5613779.exe
2002-01-09 03:56:45 0 d-----w- c:\program files\Protection System
2002-01-09 03:51:55 0 d-----w- c:\windows\pss
2002-01-08 20:15:10 0 d-sh--w- c:\windows\Installer
2002-01-08 12:08:36 0 d-sh--w- c:\documents and settings\all users\DRM
2002-01-08 12:06:26 0 d-----w- c:\program files\common files\MSSoap
2002-01-08 12:04:46 0 d--h--w- c:\program files\WindowsUpdate
2002-01-08 12:04:46 0 d-----w- c:\program files\Online Services
2002-01-08 12:04:37 0 d-----w- c:\program files\Messenger
2002-01-08 12:04:30 0 d-----w- c:\program files\MSN Gaming Zone
2002-01-08 12:03:27 0 d-----w- c:\program files\Windows NT
2002-01-08 06:37:50 0 d-----w- c:\program files\common files\ODBC
2002-01-08 06:37:47 0 d-----w- c:\program files\common files\SpeechEngines
2002-01-08 06:37:20 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-10-17 22:34:00 483328 ----a-w- c:\windows\system32\nvunrm.exe
2009-02-05 15:54:14 453152 ----a-w- c:\windows\system32\nvuninst.exe
2008-02-19 13:43:00 199168 ----a-r- c:\windows\system32\fdco1ins.dll
2008-02-19 13:43:00 199168 ----a-r- c:\windows\system32\fdco1.dll
2008-01-29 08:07:00 950272 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2008-01-29 08:07:00 54016 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2008-01-29 08:07:00 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2008-01-29 08:06:00 9216 ----a-r- c:\windows\system32\bdco1ins.dll
2008-01-29 08:06:00 9216 ----a-r- c:\windows\system32\bdco1.dll
2008-01-29 07:43:00 35840 ----a-r- c:\windows\system32\nvconrm.dll
2008-01-17 01:47:00 3948 ----a-r- c:\windows\system32\drivers\nvphy.bin
2005-05-04 19:45:36 98304 ----a-w- c:\windows\system32\msiexec.exe
2005-05-04 19:45:36 884736 ----a-w- c:\windows\system32\msimsg.dll
2005-05-04 19:45:36 271360 ----a-w- c:\windows\system32\msihnd.dll
2005-05-04 19:45:36 15360 ----a-w- c:\windows\system32\msisip.dll
2005-05-04 19:45:32 2890240 ----a-w- c:\windows\system32\msi.dll
2002-08-29 08:46:42 38024 ----a-w- c:\windows\system32\drivers\termdd.sys
2002-08-29 06:06:36 182400 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2002-08-29 03:41:18 71168 ----a-w- c:\windows\system32\storprop.dll
2002-08-29 01:27:46 56576 ----a-w- c:\windows\system32\drivers\redbook.sys
2002-01-09 04:41:32 382976 ----a-w- c:\windows\sc.exe
2002-01-08 12:05:24 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 2:10:42.34 ===============


#4 schrauber

  • Malware Response Team

Posted 14 November 2009 - 09:42 AM

Hello, budigans
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.







Step 1

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.








Step 2
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 budigans

  • Topic Starter

Posted 17 November 2009 - 04:50 PM

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2002-01-19 23:47:12
Windows 5.1.2600 Service Pack 1
Running: 68mjh63b.exe; Driver: C:\DOCUME~1\gela\LOCALS~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

Code 89852500 pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\System32\drivers\tcpsr.sys The system cannot find the file specified. !
.text ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7

---- User code sections - GMER 1.0.15 ----

? C:\WINDOWS\System32\svchost.exe[204] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[204] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\svchost.exe[204] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\svchost.exe[204] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\svchost.exe[204] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\svchost.exe[204] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\svchost.exe[204] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
? C:\WINDOWS\System32\svchost.exe[212] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[212] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\svchost.exe[212] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\svchost.exe[212] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\svchost.exe[212] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\svchost.exe[212] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\svchost.exe[212] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
? C:\WINDOWS\System32\svchost.exe[232] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[232] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\svchost.exe[232] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\svchost.exe[232] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\svchost.exe[232] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\svchost.exe[232] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\svchost.exe[232] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
? C:\WINDOWS\System32\svchost.exe[240] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[240] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\svchost.exe[240] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\svchost.exe[240] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\svchost.exe[240] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\svchost.exe[240] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\svchost.exe[240] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
? C:\WINDOWS\System32\svchost.exe[248] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[248] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\svchost.exe[248] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\svchost.exe[248] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\svchost.exe[248] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\svchost.exe[248] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\svchost.exe[248] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FF946EA
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FF94779
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FF94786
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FF94A0A
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FF9476F
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FF947C7
.text C:\WINDOWS\system32\services.exe[724] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FF946EA
.text C:\WINDOWS\system32\services.exe[724] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FF94779
.text C:\WINDOWS\system32\services.exe[724] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FF94786
.text C:\WINDOWS\system32\services.exe[724] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FF94A0A
.text C:\WINDOWS\system32\services.exe[724] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FF9476F
.text C:\WINDOWS\system32\services.exe[724] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FF947C7
.text C:\WINDOWS\system32\lsass.exe[740] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FF946EA
.text C:\WINDOWS\system32\lsass.exe[740] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FF94779
.text C:\WINDOWS\system32\lsass.exe[740] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FF94786
.text C:\WINDOWS\system32\lsass.exe[740] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FF94A0A
.text C:\WINDOWS\system32\lsass.exe[740] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FF9476F
.text C:\WINDOWS\system32\lsass.exe[740] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FF947C7
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\WINDOWS\System32\svchost.exe[1012] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\svchost.exe[1012] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\svchost.exe[1012] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\svchost.exe[1012] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\svchost.exe[1012] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\svchost.exe[1012] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\WINDOWS\system32\spoolsv.exe[1424] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\system32\spoolsv.exe[1424] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\system32\spoolsv.exe[1424] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\system32\spoolsv.exe[1424] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\system32\spoolsv.exe[1424] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\system32\spoolsv.exe[1424] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\WINDOWS\System32\wpabaln.exe[1468] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\wpabaln.exe[1468] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\wpabaln.exe[1468] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\wpabaln.exe[1468] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\wpabaln.exe[1468] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\wpabaln.exe[1468] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.reloc C:\WINDOWS\Explorer.EXE[1672] C:\WINDOWS\Explorer.EXE section is executable [0x010F4000, 0x8600, 0xE0000040]
.reloc C:\WINDOWS\Explorer.EXE[1672] C:\WINDOWS\Explorer.EXE entry point in ".reloc" section [0x010FBE78]
.text C:\WINDOWS\Explorer.EXE[1672] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\Explorer.EXE[1672] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\Explorer.EXE[1672] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\Explorer.EXE[1672] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\Explorer.EXE[1672] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\Explorer.EXE[1672] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\WINDOWS\TEMP\VRTB.tmp[1856] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\TEMP\VRTB.tmp[1856] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\TEMP\VRTB.tmp[1856] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\TEMP\VRTB.tmp[1856] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\TEMP\VRTB.tmp[1856] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\TEMP\VRTB.tmp[1856] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\WINDOWS\System32\RUNDLL32.EXE[1884] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\RUNDLL32.EXE[1884] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\RUNDLL32.EXE[1884] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\RUNDLL32.EXE[1884] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\RUNDLL32.EXE[1884] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\RUNDLL32.EXE[1884] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
? C:\WINDOWS\System32\svchost.exe[2612] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[2612] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\svchost.exe[2612] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\svchost.exe[2612] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\svchost.exe[2612] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\svchost.exe[2612] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\svchost.exe[2612] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\WINDOWS\System32\ciloy.exe[3236] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\ciloy.exe[3236] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\ciloy.exe[3236] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\ciloy.exe[3236] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\ciloy.exe[3236] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\ciloy.exe[3236] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\WINDOWS\RTHDCPL.EXE[3276] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\RTHDCPL.EXE[3276] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\RTHDCPL.EXE[3276] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\RTHDCPL.EXE[3276] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\RTHDCPL.EXE[3276] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\RTHDCPL.EXE[3276] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
? C:\WINDOWS\svchost.exe[3320] time/date stamp mismatch; unknown module: oleaut32.dllunknown module: version.dllunknown module: oleaut32.dllunknown module: oleaut32.dllunknown module: comctl32.dllunknown module: URLMON.DLLunknown module: wsock32.dll
.rsrc C:\WINDOWS\svchost.exe[3320] C:\WINDOWS\svchost.exe section is executable [0x00490000, 0x93000, 0xE0000040]
.rsrc C:\WINDOWS\svchost.exe[3320] C:\WINDOWS\svchost.exe entry point in ".rsrc" section [0x00522AB2]
.text C:\WINDOWS\svchost.exe[3320] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\svchost.exe[3320] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\svchost.exe[3320] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\svchost.exe[3320] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\svchost.exe[3320] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\svchost.exe[3320] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\WINDOWS\System32\nvsvc32.exe[3360] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\nvsvc32.exe[3360] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\nvsvc32.exe[3360] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\nvsvc32.exe[3360] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\nvsvc32.exe[3360] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\nvsvc32.exe[3360] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\WINDOWS\System32\svchost.exe[3476] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\svchost.exe[3476] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\svchost.exe[3476] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\svchost.exe[3476] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\svchost.exe[3476] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\svchost.exe[3476] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\WINDOWS\System32\reader_s.exe[3604] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\reader_s.exe[3604] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\reader_s.exe[3604] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\reader_s.exe[3604] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\reader_s.exe[3604] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\reader_s.exe[3604] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
? C:\WINDOWS\System32\svchost.exe[3804] image checksum mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[3804] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\svchost.exe[3804] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\svchost.exe[3804] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\svchost.exe[3804] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\svchost.exe[3804] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\svchost.exe[3804] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\Documents and Settings\gela\reader_s.exe[3896] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\Documents and Settings\gela\reader_s.exe[3896] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\Documents and Settings\gela\reader_s.exe[3896] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\Documents and Settings\gela\reader_s.exe[3896] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\Documents and Settings\gela\reader_s.exe[3896] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\Documents and Settings\gela\reader_s.exe[3896] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\Program Files\Mozilla Firefox\firefox.exe[3924] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\Program Files\Mozilla Firefox\firefox.exe[3924] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\Program Files\Mozilla Firefox\firefox.exe[3924] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\Program Files\Mozilla Firefox\firefox.exe[3924] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3924] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\Program Files\Mozilla Firefox\firefox.exe[3924] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\Program Files\Mozilla Firefox\firefox.exe[3924] WS2_32.dll!WSARecv 71AB19A0 5 Bytes JMP 007A5E97 C:\WINDOWS\System32\rdolib.dll (Microsoft RDO Library/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3924] WS2_32.dll!closesocket 71AB1A6D 5 Bytes JMP 007A5F3F C:\WINDOWS\System32\rdolib.dll (Microsoft RDO Library/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3924] WS2_32.dll!send 71AB1AF4 5 Bytes JMP 007A5D18 C:\WINDOWS\System32\rdolib.dll (Microsoft RDO Library/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3924] WS2_32.dll!recv 71AB5690 5 Bytes JMP 007A5D8B C:\WINDOWS\System32\rdolib.dll (Microsoft RDO Library/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3924] WS2_32.dll!WSASend 71AB5722 5 Bytes JMP 007A5DFD C:\WINDOWS\System32\rdolib.dll (Microsoft RDO Library/Microsoft Corporation)
? C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] IMAGE_DOS_SIGNATURE not found;
.reloc C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe section is executable [0x0042C000, 0x5200, 0xE0000040]
.reloc C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe entry point in ".reloc" section [0x00430BC6]
.text C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\WINDOWS\System32\FastNetSrv.exe[4132] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\FastNetSrv.exe[4132] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\FastNetSrv.exe[4132] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\FastNetSrv.exe[4132] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\FastNetSrv.exe[4132] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\FastNetSrv.exe[4132] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
? C:\WINDOWS\System32\svchost.exe[4136] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[4136] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\svchost.exe[4136] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\svchost.exe[4136] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\svchost.exe[4136] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\svchost.exe[4136] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\svchost.exe[4136] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
? C:\WINDOWS\System32\svchost.exe[4196] image checksum mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[4196] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\svchost.exe[4196] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\svchost.exe[4196] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\svchost.exe[4196] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\svchost.exe[4196] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\svchost.exe[4196] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\WINDOWS\System32\wmdtc.exe[4744] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\wmdtc.exe[4744] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\wmdtc.exe[4744] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\wmdtc.exe[4744] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\wmdtc.exe[4744] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\wmdtc.exe[4744] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\DOCUME~1\gela\LOCALS~1\Temp\notepad.exe[5260] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\DOCUME~1\gela\LOCALS~1\Temp\notepad.exe[5260] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\DOCUME~1\gela\LOCALS~1\Temp\notepad.exe[5260] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\DOCUME~1\gela\LOCALS~1\Temp\notepad.exe[5260] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\DOCUME~1\gela\LOCALS~1\Temp\notepad.exe[5260] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\DOCUME~1\gela\LOCALS~1\Temp\notepad.exe[5260] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\WINDOWS\system32\svchost.exe[5444] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\system32\svchost.exe[5444] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\system32\svchost.exe[5444] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\system32\svchost.exe[5444] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\system32\svchost.exe[5444] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\system32\svchost.exe[5444] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\DOCUME~1\gela\LOCALS~1\Temp\winamp.exe[5572] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\DOCUME~1\gela\LOCALS~1\Temp\winamp.exe[5572] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\DOCUME~1\gela\LOCALS~1\Temp\winamp.exe[5572] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\DOCUME~1\gela\LOCALS~1\Temp\winamp.exe[5572] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\DOCUME~1\gela\LOCALS~1\Temp\winamp.exe[5572] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\DOCUME~1\gela\LOCALS~1\Temp\winamp.exe[5572] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\Program Files\Internet Explorer\iexplore.exe[6576] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\Program Files\Internet Explorer\iexplore.exe[6576] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\Program Files\Internet Explorer\iexplore.exe[6576] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\Program Files\Internet Explorer\iexplore.exe[6576] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\Program Files\Internet Explorer\iexplore.exe[6576] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\Program Files\Internet Explorer\iexplore.exe[6576] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\Program Files\Internet Explorer\iexplore.exe[6576] ws2_32.dll!WSARecv 71AB19A0 5 Bytes JMP 10005E97 C:\WINDOWS\System32\rdolib.dll (Microsoft RDO Library/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6576] ws2_32.dll!closesocket 71AB1A6D 5 Bytes JMP 10005F3F C:\WINDOWS\System32\rdolib.dll (Microsoft RDO Library/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6576] ws2_32.dll!send 71AB1AF4 5 Bytes JMP 10005D18 C:\WINDOWS\System32\rdolib.dll (Microsoft RDO Library/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6576] ws2_32.dll!recv 71AB5690 5 Bytes JMP 10005D8B C:\WINDOWS\System32\rdolib.dll (Microsoft RDO Library/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6576] ws2_32.dll!WSASend 71AB5722 5 Bytes JMP 10005DFD C:\WINDOWS\System32\rdolib.dll (Microsoft RDO Library/Microsoft Corporation)
.text C:\WINDOWS\System32\svchost.exe[6612] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\System32\svchost.exe[6612] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\System32\svchost.exe[6612] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\System32\svchost.exe[6612] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\System32\svchost.exe[6612] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\System32\svchost.exe[6612] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\WINDOWS\TEMP\VRTB.tmp[7296] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\WINDOWS\TEMP\VRTB.tmp[7296] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\WINDOWS\TEMP\VRTB.tmp[7296] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\WINDOWS\TEMP\VRTB.tmp[7296] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\WINDOWS\TEMP\VRTB.tmp[7296] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\WINDOWS\TEMP\VRTB.tmp[7296] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7
.text C:\Documents and Settings\gela\Desktop\68mjh63b.exe[7944] ntdll.dll!NtCreateFile 77F7595E 5 Bytes CALL 7FFA46EA
.text C:\Documents and Settings\gela\Desktop\68mjh63b.exe[7944] ntdll.dll!NtCreateProcess 77F759F4 5 Bytes CALL 7FFA4779
.text C:\Documents and Settings\gela\Desktop\68mjh63b.exe[7944] ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes CALL 7FFA4786
.text C:\Documents and Settings\gela\Desktop\68mjh63b.exe[7944] ntdll.dll!NtDeviceIoControlFile 77F75B11 5 Bytes CALL 7FFA4A0A
.text C:\Documents and Settings\gela\Desktop\68mjh63b.exe[7944] ntdll.dll!NtOpenFile 77F75DFB 5 Bytes CALL 7FFA476F
.text C:\Documents and Settings\gela\Desktop\68mjh63b.exe[7944] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes CALL 7FFA47C7

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 9B8401C7
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 46E90043
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 560001AA
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [00439B84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 01AA38E8
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] AC0FE856
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 8B55C300
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 1475FFEC
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 458B0001
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 10C48308
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 8B55C35D
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 1475FFEC
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 75FF0C75
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 458B0001
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 046AC35D
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 433E58B8
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] F0A4E800
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] F18B0001
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] E8F07589
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 0001A906
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 8D0875FF
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 06C70C4E
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [00439B90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 001D67E8
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] E8C68B00
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0001F156
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 560004C2
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 006AF18B
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 4E8D016A
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 9006C70C
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 000022DD
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] E95ECE8B
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 0001A999
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] E8F18B56
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] FFFFFFDB
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 082444F6
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 56077401
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 01AB68E8
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] C68B5900
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 0004C25E
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 9B9C01C7
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] BCE90043
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 56FFFFFF
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [00439B9C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] FFFFAEE8
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 2444F6FF
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 07740108
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] AB3BE856
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] B8046A00
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [00433E58] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 01F009E8
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 7D8BF075
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] DEE85708
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 830001A8
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 8300FC65
IAT C:\WINDOWS\System32\svchost.exe[204] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 8D570CC7
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 9B8401C7
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 46E90043
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 560001AA
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [00439B84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 01AA38E8
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] AC0FE856
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 8B55C300
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 1475FFEC
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 458B0001
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 10C48308
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 8B55C35D
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 1475FFEC
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 75FF0C75
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 458B0001
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 046AC35D
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 433E58B8
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] F0A4E800
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] F18B0001
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] E8F07589
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 0001A906
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 8D0875FF
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 06C70C4E
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [00439B90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 001D67E8
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] E8C68B00
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0001F156
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 560004C2
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 006AF18B
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 4E8D016A
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 9006C70C
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 000022DD
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] E95ECE8B
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 0001A999
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] E8F18B56
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] FFFFFFDB
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 082444F6
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 56077401
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 01AB68E8
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] C68B5900
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 0004C25E
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 9B9C01C7
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] BCE90043
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 56FFFFFF
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [00439B9C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] FFFFAEE8
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 2444F6FF
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 07740108
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] AB3BE856
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] B8046A00
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [00433E58] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 01F009E8
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 7D8BF075
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] DEE85708
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 830001A8
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 8300FC65
IAT C:\WINDOWS\System32\svchost.exe[212] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 8D570CC7
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 9B8401C7
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 46E90043
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 560001AA
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [00439B84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 01AA38E8
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] AC0FE856
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 8B55C300
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 1475FFEC
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 458B0001
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 10C48308
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 8B55C35D
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 1475FFEC
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 75FF0C75
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 458B0001
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 046AC35D
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 433E58B8
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] F0A4E800
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] F18B0001
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] E8F07589
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 0001A906
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 8D0875FF
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 06C70C4E
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [00439B90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 001D67E8
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] E8C68B00
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0001F156
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 560004C2
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 006AF18B
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 4E8D016A
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 9006C70C
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 000022DD
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] E95ECE8B
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 0001A999
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] E8F18B56
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] FFFFFFDB
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 082444F6
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 56077401
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 01AB68E8
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] C68B5900
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 0004C25E
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 9B9C01C7
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] BCE90043
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 56FFFFFF
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [00439B9C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] FFFFAEE8
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 2444F6FF
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 07740108
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] AB3BE856
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] B8046A00
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [00433E58] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 01F009E8
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 7D8BF075
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] DEE85708
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 830001A8
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 8300FC65
IAT C:\WINDOWS\System32\svchost.exe[232] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 8D570CC7
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 9B8401C7
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 46E90043
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 560001AA
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [00439B84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 01AA38E8
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 2444F600
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 07740108
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] AC0FE856
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 8B55C300
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 1475FFEC
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 458B0001
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 10C48308
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 8B55C35D
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 1475FFEC
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 75FF0C75
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 458B0001
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 046AC35D
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 433E58B8
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] F0A4E800
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] F18B0001
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] E8F07589
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 0001A906
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 8D0875FF
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 06C70C4E
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [00439B90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 001D67E8
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] E8C68B00
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0001F156
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 560004C2
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 006AF18B
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 4E8D016A
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 9006C70C
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 000022DD
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] E95ECE8B
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 0001A999
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] E8F18B56
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] FFFFFFDB
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 082444F6
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 56077401
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 01AB68E8
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] C68B5900
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 0004C25E
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 9B9C01C7
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] BCE90043
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 56FFFFFF
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 06C7F18B
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [00439B9C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] FFFFAEE8
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 2444F6FF
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 07740108
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] AB3BE856
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 8B590001
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] B8046A00
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [00433E58] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 01F009E8
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 89F18B00
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 7D8BF075
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] DEE85708
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 830001A8
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 8300FC65
IAT C:\WINDOWS\System32\svchost.exe[240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 8D570CC7
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DDDF0E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77E28B02] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DE024F] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD6B90] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD211E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 00000000
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77E61BEA] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77E760E1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77F51502] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77E7177A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [77E7A6F0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77E7F13A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [77E7B476] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [77E7638B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [77E6D2CF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [77E6FFA0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [77E75577] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [77E7B77F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [77E616B8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [77E930C0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [77E7E5A1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 00000000
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [77D4A6E3] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 00000000
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [71AB2BBF] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [71AB1836] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [71AB41DA] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [71AB1746] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [71AB1A6D] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [71AB8629] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [71AB1740] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [71AB1AF4] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [71AB3F8D] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [71AB3E5D] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [71AB3C22] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 00000000
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 00000000
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 00000000
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 4AF4A3C6
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 00000000
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 00000002
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 0000004C
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 000011E4
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 000005E4
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 4C494146
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 00004445
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 00004B4F
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 0A0D0A0D
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 00000000
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 54534F50
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 48202F20
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 2F505454
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 0D302E31
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 6E6F430A
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 746E6574
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 6E654C2D
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 00000020
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 2E333132
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 2E383031
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 312E3635
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 00003636
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 00006425
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 61746164
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 0000003D
IAT C:\WINDOWS\System32\svchost.exe[248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 7379732E
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 0090EC81
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 24B90000
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 56000000
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 9824B48B
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 57000000
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 08247C8D
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 848BA5F3
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 00008C24
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 40048D00
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 8D80048D
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 048D8004
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 80048D80
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 5005E0C1
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 00000100
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 5EC03300
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 0090C481
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 04C20000
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 90909090
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 90909090
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 57565300
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 840FC085
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 00000621
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 1024748B
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] D67405C7
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 00000040
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 868B0000
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 0000008C
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 17F88348
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 0603870F
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] C9330000
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 16CC888A
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 24FF0040
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 4016988D
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 88868B00
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 8B000000
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 40B0041D
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] CE8E0FC0
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 6A000005
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 56006A00
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 4036A068
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 6A006A00
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 8BD3FF00
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 00008886
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] F83B4700
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 006AE57C
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 6856006A
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [00401000] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 006A006A
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 5E5FD3FF
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 868BC35B
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 00000088
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] B0041D8B
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] FF330040
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 8E0FC085
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 00000589
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 006A006A
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 006A0040
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] D3FF006A
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0088868B
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 3B470000
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 6AE57CF8
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 56006A00
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 40100068
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 6A006A00
IAT C:\WINDOWS\System32\svchost.exe[2612] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 5FD3FF00
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!GetModuleHandleA] B0FC9358
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!VirtualAlloc] 11D35F0E
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!lstrlenW] C000B9A3
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!MultiByteToWideChar] 3AAD794F
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!GetVersionExA] 6C654809
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!DisableThreadLibraryCalls] 746E4970
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!LocalFree] 00027366
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!GetCurrentProcessId] C08BFFFF
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!InterlockedCompareExchange] [0042C024] C:\WINDOWS\svchost.exe
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!ReadFile] 48490B0F
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!GetModuleHandleW] 65747379
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!InterlockedDecrement] 40116C6D
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!GetCurrentThreadId] 93530100
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!FreeLibrary] 5F0EB0FC
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!InitializeCriticalSection] B9A311D3
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!GetProcAddress] 794FC000
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!GetCurrentProcess] 49706C65
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!lstrcmpiW] 7366746E
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!LocalAlloc] FFFF0006
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!CreateFileW] [0042C058] C:\WINDOWS\svchost.exe
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!UnhandledExceptionFilter] 6F747375
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!GetModuleFileNameW] 6C65486D
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!HeapDestroy] 65695670
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!CreateEventW] 6C726577
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!CloseHandle] 11D35F0E
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!GetModuleFileNameA] C000B9A3
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [kernel32.dll!LoadLibraryW] 3AAD794F
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!SetForegroundWindow] 00097366
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!SetDlgItemTextW] C08BFFFF
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!GetWindowRect] [0042C094] C:\WINDOWS\svchost.exe
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!LoadStringW] 4549130F
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!EndPaint] 6E657478
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!BeginPaint] 48646564
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!IsDlgButtonChecked] 56706C65
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!KillTimer] 65776569
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!GetWindowLongW] 42C05472
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!CreateWindowExW] 93660100
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!SetCursor] 5F0EB0FC
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!wsprintfA] B9A311D3
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!InvalidateRect] 794FC000
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!GetDesktopWindow] 48093AAD
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!MessageBoxW] 49706C65
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!DefWindowProcW] 7366746E
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!GetSystemMetrics] FFFF0004
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!GetClientRect] [0042C0D0] C:\WINDOWS\svchost.exe
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!PostQuitMessage] 5349150F
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!wsprintfW] 69636570
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!LoadCursorW] 69576C61
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!SendMessageW] 6C65486E
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!IsWindow] 65695670
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!ShowWindow] 90726577
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!GetDC] 010042C0
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!CharNextW] B0FC9366
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!LoadIconW] 11D35F0E
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!SendDlgItemMessageW] C000B9A3
IAT C:\WINDOWS\svchost.exe[3320] @ C:\WINDOWS\svchost.exe [user32.dll!GetSysColor] 3AAD794F
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3652] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 64C03356
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 000030A1
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 0C408B00
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] AD1C708B
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 5E08408B
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] CCCCCCC3
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] CCCCCCCC
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] CCCCCCCC
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 53EC8B55
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 558B5756
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 8BDA8B08
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FA033C7A
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 503F8166
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 03247B8B
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] FCFA03F2
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 0C6D8B55
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 96C203AD
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 0FC180C9
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] FD875996
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 23EBE6E2
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] BE66F633
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 8166EEC5
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 2BEEB6EE
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] EBFE2BF1
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 66C033E3
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E0C1078B
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 1C738B02
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] F003F203
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 5DC203AD
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 5D5B5E5F
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] CCCCCCC3
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] CCCCCCCC
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] CCCCCCCC
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] CCCCCCCC
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 83EC8B55
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 60A134EC
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 45895756
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] FF4AE8FC
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 2C68FFFF
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 50700051
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] E8E44589
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] FFFFFF5C
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 51200D8B
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 158B7000
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [70005124] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] A1DC4589
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7000511C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] A0EC4589
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [70005128] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 8908C483
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 5589F04D
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] F84588F4
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 50EC458D
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 50E4458B
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 89DC55FF
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 558BCC45
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 80118C8B
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 03000000
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 04418BCA
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 4D89C085
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 8B0B75E0
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] C0850C41
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 00A2840F
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 018B0000
IAT C:\WINDOWS\System32\svchost.exe[3804] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 8B10718B
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!WriteConsoleW] E4BD8312
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!VirtualProtect] 00FFFFFE
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!LocalFree] 0135840F
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!GetStartupInfoA] 24680000
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!FreeEnvironmentStringsW] 6800409D
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!GetModuleHandleA] 004254C7
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!TlsFree] 002A0DE8
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!ExitProcess] 30246800
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!WriteFile] E8004254
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!GetCurrentDirectoryA] 000029FE
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!lstrlenW] 0000FFFF
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!QueryPerformanceCounter] 85C70000
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!SetConsoleCP] 00000000
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!SetUnhandledExceptionFilter] 00008CE9
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!SetEnvironmentVariableA] E4958B00
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!GetOEMCP] 8BFFFFFE
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!LCMapStringW] 30858D12
IAT C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe[3932] @ C:\DOCUME~1\gela\LOCALS~1\Temp\svchost.exe [KERNEL32.DLL!GetCommandLineA] FEE4B5FF

---- Devices - GMER 1.0.15 ----

Device \Driver\NDIS \Device\Ndis [897F319C] NDIS.sys[.reloc]

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 197120/167552 bytes executable
File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 197120/167552 bytes executable

---- EOF - GMER 1.0.15 ----


Logfile of random's system information tool 1.06 (written by random/random)
Run by gela at 2002-01-19 23:47:33
Microsoft Windows XP Professional Service Pack 1
System drive C: has 148 GB (97%) free of 153 GB
Total RAM: 1535 MB (70% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B45A4B16-23F2-41AD-F4E4-00AAC39C0004}]
C:\WINDOWS\System32\mqf6cgmdp6.dll - C:\WINDOWS\System32\mqf6cgmdp6.dll [2002-01-18 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-03-31 842268]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2009-02-09 13680640]
"msnmager"=C:\WINDOWS\TEMP\cdibbg.dll,Set1 []
"ctfmon"=C:\WINDOWS\System32\fgjk4wvb.dll [2002-01-15 61440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-12-30 18303966]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-11-20 2045400]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2009-10-17 275932]
"reader_s"=C:\WINDOWS\System32\reader_s.exe [2002-01-18 248278]
"photo_id"=C:\WINDOWS\system32\photo_id.exe [2002-01-18 224982]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"exec"=C:\WINDOWS\fonts\services.exe [2003-03-31 147456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Security Center"=C:\WINDOWS\sc.exe [2002-01-08 382976]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4531680]
"Protection System"=C:\Program Files\Protection System\psystem.exe [2002-01-08 1445332]
"reader_s"=C:\Documents and Settings\gela\reader_s.exe [2002-01-18 248278]
"photo_id"=C:\Documents and Settings\gela\photo_id.exe [2002-01-18 224988]
"asg984jgkfmgasi8ug98jgkfgfb"=C:\DOCUME~1\gela\LOCALS~1\Temp\notepad.exe [2002-01-19 42500]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\fonts\services.exe [2003-03-31 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmager]
C:\WINDOWS\TEMP\edfdgg.dll,Set1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\System32\NvCpl.dll [2009-02-09 13680640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\System32\NvMcTray.dll [2009-02-09 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Protection System]
C:\Program Files\Protection System\psystem.exe [2002-01-08 1445332]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rass32]
C:\windows\system32\rass32.exe [2002-01-14 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\fonts\services.exe [2003-03-31 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Security Center]
C:\WINDOWS\sc.exe [2002-01-08 382976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\System32\rdolib.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
jkshf8a3rudbfa873fudfhbdugf87whjdb - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\WINDOWS\System32\mqf6cgmdp6.dll [2002-01-18 15000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
wivagoge.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\WINDOWS\fonts\services.exe"="C:\WINDOWS\fonts\services.exe:*:Enabled:services.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\wivagoge.dll
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\nayazika.dll
6118-30709-30709 6066:30709:16 ----ASH---- C:\WINDOWS\System32\davagadu.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\uxtheme.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\utilman.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\utildll.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usp10.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\userinit.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\userenv.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\user32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\user.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usbmon.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\urlmon.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\url.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ureg.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ups.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\upnpui.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\upnphost.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\upnpcont.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\upnp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\untfs.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\unlodctr.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\uniplat.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\unimdmat.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\umpnpmgr.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\umdmxfrm.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\umandlg.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ulib.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ufat.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\udhisapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\typeperf.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\typelib.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\txflog.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tsddd.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tsd32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tsappcmp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\trkwks.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tree.com
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\traffic.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tracert6.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tracert.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tracerpt.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tourstart.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\toolhelp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tlntsvrp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tlntsvr.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tlntsess.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tlntadmn.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\themeui.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tftp.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\termmgr.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\telnet.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tcpsvcs.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tcpmonui.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tcpmon.ini
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tcpmon.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tcpmib.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tcmsetup.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\taskmgr.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\taskman.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tasklist.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\taskkill.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tapiui.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tapisrv.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tapiperf.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tapi32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tapi3.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\t2embed.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\systray.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\systeminfo.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\syssetup.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sysocmgr.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\syskey.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sysinv.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sysedit.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\syncui.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\synceng.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\syncapp.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sxs.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\swprv.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\svcpack.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\svchost.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\subst.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\strmdll.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\storage.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\stobject.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\stimon.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sti_ci.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sti.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ssdpsrv.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ssdpapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\srvsvc.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sqlwoa.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sqlwid.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sqlunirl.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sqlsrv32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sprestrt.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\spoolsv.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\spoolss.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\spiisupd.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sort.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\softpub.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\snmpsnap.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\snmpapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\smss.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\smlogsvc.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\smlogcfg.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\slbrccsp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\slbiop.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\slbcsp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\slayerxp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\skeys.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\skdll.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sisbkup.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sigverif.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sigtab.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\shutdown.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\shsvcs.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\shscrap.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\shrpubw.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\shmgrate.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\shmedia.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\shlwapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\shimgvw.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\shimeng.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\shgina.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\shfolder.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\shellstyle.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\shell32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\shell.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\shdocvw.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\shdoclc.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\share.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sfmapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sfcfiles.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sfc_os.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sfc.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sfc.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\setver.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\setupdll.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\setupapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\setup.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sethc.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\serwvdrv.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\services.msc
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\services.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\serialui.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\senscfg.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sensapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sens.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sendmail.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sendcmsg.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\security.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\secur32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\secpol.msc
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\seclogon.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\secedit.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sdpblb.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sdbinst.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\scrrun.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\scrobj.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\scriptpw.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\scripto.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\scredir.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sclgntfy.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\schtasks.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\schannel.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\scesrv.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\scecli.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sccsccp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sccbase.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\scardsvr.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\scardssp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\scarddlg.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sc.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sbeio.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sbe.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\savedump.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\samsrv.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\samlib.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\runonce.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rundll32.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\runas.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rtutils.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rtm.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rtipxmib.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rtcshare.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rtcdll.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rsvpsp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rsvpperf.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rsvpmsg.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rsvp.ini
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rsvp.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rsopprov.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rsnotify.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rsmui.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rsmsink.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rsmps.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rsm.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rshx32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rsh.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rsfsaps.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rsaenh.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rpcss.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rpcrt4.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rpcns4.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\routetab.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\routemon.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\route.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rnr20.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\riched32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\riched20.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rexec.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\resutils.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\replace.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rend.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\relog.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\regwizc.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\regwiz.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\regsvr32.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\regsvc.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\regedt32.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\regapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\reg.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\redir.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\recover.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rdpdd.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rdolib.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rcp.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rcimlby.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rcbdyctl.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rastls.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rastapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rasser.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rassapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rasrad.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rasppp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rasphone.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rasmxs.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rasmontr.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rasmans.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rasman.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rasdlg.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rasdial.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rasctrs.ini
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rasctrs.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\raschap.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rasautou.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rasauto.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rasapi32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\rasadhlp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\query.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\quartz.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\qosname.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\qedwipes.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\qedit.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\qdvd.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\qdv.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\qcap.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\qasf.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\pubprn.vbs
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\pstorsvc.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\pstorec.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\psnppagn.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\pschdprf.ini
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\pschdprf.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\psbase.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\psapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\proxycfg.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\proquota.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\progman.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\profmap.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\prodspec.ini
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\prnqctl.vbs
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\prnport.vbs
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\prnmngr.vbs
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\prnjobs.vbs
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\prndrvr.vbs
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\prncnfg.vbs
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\printui.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\print.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\prflbmsg.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\powrprof.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\polstore.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\pngfilt.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\pmspl.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\plustab.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ping6.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ping.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\pifmgr.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\pidgen.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\photowiz.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\perfwci.ini
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\perfts.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\perfproc.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\perfos.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\perfnw.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\perfnet.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\perfmon.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\perffilt.ini
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\perfdisk.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\perfctrs.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\perfci.ini
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\pentnt.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\pdh.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\pautoenr.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\pathping.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\panmap.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\pagefileconfig.vbs
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\packager.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\osuninst.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\osuninst.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\osk.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\opengl32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\openfiles.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\opeia.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\olethk32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\olesvr32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\olesvr.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\olepro32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\oleprn.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\oledlg.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\olecnv32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\olecli32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\olecli.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\oleaut32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\oleaccrc.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\oleacc.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ole32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ole2nls.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ole2disp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ole2.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\offfilt.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odtext32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odpdx32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odfox32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odexl32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\oddbse32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odbctrac.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odbcp32r.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odbcjt32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odbcji32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odbcint.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odbccu32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odbccr32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odbccp32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odbcconf.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odbcconf.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odbcbcp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odbcad32.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odbc32gt.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odbc32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\odbc16gt.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ocmanage.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\occache.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\objsel.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\oakley.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\nwwks.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\nwscript.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\Nwsapv32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\nwprovau.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\nwevent.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\NWCWov32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\nwcfg.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\nwapi32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\nwapi16.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\nw16.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntvdmd.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntvdm.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntshrui.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntsdexts.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntsd.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntprint.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntoskrnl.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntmssvc.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntmsoprq.msc
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntmsmgr.msc
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntmsmgr.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntmsevt.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntmsdba.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntmsapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntmarta.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntlsapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntlanui2.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntlanui.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntlanman.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntdsbcli.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntdsapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntdll.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ntbackup.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\nslookup.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\npptools.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\notepad.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\nlsfunc.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\nlhtml.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\newdev.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netui2.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netui1.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netui0.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netstat.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netshell.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netsh.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netsetup.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netrap.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netplwiz.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netmsg.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netman.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netlogon.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netid.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\neth.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netevent.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netdde.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netcfgx.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netapi32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\netapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\net1.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\net.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\nddenb32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\nddeapir.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\nddeapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ncxpnt.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ncobjapi.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\nbtstat.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\narrhook.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\narrator.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\mydocs.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\mycomput.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\mtxclu.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msxmlr.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msxml3r.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msxml3.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msxml2r.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msxml2.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msxml.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msxbde40.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\mswstr10.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\mswsock.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\mswmdm.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\mswebdvd.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\mswdat10.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msw3prt.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msvideo.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msvidctl.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msvidc32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msvfw32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msvcrt40.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msvcrt20.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msvcrt.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msvcp60.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msvcp50.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msvcirt.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msvbvm60.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msvbvm50.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msv1_0.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msutb.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\chkdsk.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\chcp.com
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\cfgmgr32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\cewmdm.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\certmgr.msc
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\certmgr.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\certcli.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\cdosys.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\cdm.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\cdfview.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ccfgnt.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\cards.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\capesnpn.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\camocx.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\cacls.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\cabview.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\cabinet.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\BtwSrv.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\browsewm.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\browseui.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\browser.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\browselc.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\bootvrfy.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\bootvid.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\bootok.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\bootcfg.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\blackbox.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\bidispl.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\batmeter.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\basesrv.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\avifile.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\avifil32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\avicap32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\avicap.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\autolfn.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\autofmt.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\autodisc.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\autoconv.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\autochk.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\authz.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\audiosrv.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\attrib.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\atmpvcno.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\atmlib.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\atmfd.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\atmadm.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\atl.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\atkctrs.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\at.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\asycfilt.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\asr_pfu.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\asr_ldm.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\asr_fmt.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\asfsipc.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\asferror.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\arp.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\appmgr.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\appmgmts.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\apphelp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\append.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\apcups.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\amstream.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\alrsvc.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\alg.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\ahui.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\advpack.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\advapi32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\adsnw.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\adsnt.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\adsnds.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\adsmsext.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\adsldpc.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\adsldp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\adptif.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\admparse.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\actxprxy.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\actmovie.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\activeds.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\aclui.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\acledit.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\aaaamon.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\6to4v32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\6to4svc.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\system.ini
2003-03-31 07:00:00 ----A---- C:\WINDOWS\regedit.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\msdfmap.ini
2003-03-31 07:00:00 ----A---- C:\WINDOWS\hh.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\explorer.exe
2002-08-28 22:41:20 ----A---- C:\WINDOWS\System32\wzcsvc.dll
2002-08-28 22:41:20 ----A---- C:\WINDOWS\System32\wzcsapi.dll
2002-08-28 22:41:10 ----A---- C:\WINDOWS\System32\pid.dll
2002-08-28 20:04:56 ----A---- C:\WINDOWS\System32\ntkrnlpa.exe
2002-01-19 23:47:33 ----D---- C:\rsit
2002-01-19 23:47:33 ----D---- C:\Program Files\trend micro
2002-01-19 23:47:27 ----A---- C:\WINDOWS\System32\15.tmp
2002-01-19 23:45:29 ----A---- C:\WINDOWS\System32\14.tmp
2002-01-19 23:44:38 ----A---- C:\WINDOWS\System32\13.tmp
2002-01-19 05:41:43 ----A---- C:\ccu.exe
2002-01-19 05:30:35 ----A---- C:\WINDOWS\System32\22.tmp
2002-01-19 05:30:35 ----A---- C:\WINDOWS\System32\21.tmp
2002-01-19 05:05:21 ----A---- C:\1F.tmp
2002-01-19 05:05:19 ----A---- C:\WINDOWS\System32\z4x78j.dll
2002-01-19 05:05:15 ----A---- C:\1C.tmp
2002-01-19 05:02:58 ----A---- C:\WINDOWS\System32\D.tmp
2002-01-19 05:02:58 ----A---- C:\WINDOWS\System32\C.tmp
2002-01-18 16:50:52 ----A---- C:\WINDOWS\System32\12.tmp
2002-01-18 16:50:51 ----A---- C:\WINDOWS\System32\F.tmp
2002-01-18 16:50:27 ----A---- C:\6.tmp
2002-01-18 16:50:25 ----A---- C:\WINDOWS\System32\mqf6cgmdp6.dll
2002-01-18 16:50:21 ----A---- C:\3.tmp
2002-01-18 09:43:47 ----A---- C:\WINDOWS\System32\34.tmp
2002-01-18 09:43:46 ----A---- C:\WINDOWS\System32\33.tmp
2002-01-18 09:43:45 ----A---- C:\WINDOWS\System32\32.tmp
2002-01-18 09:14:57 ----A---- C:\WINDOWS\System32\photo_id.exe
2002-01-18 09:14:55 ----A---- C:\WINDOWS\System32\reader_s.exe
2002-01-18 09:14:53 ----A---- C:\WINDOWS\System32\8.tmp
2002-01-18 09:14:52 ----A---- C:\WINDOWS\System32\7.tmp
2002-01-18 09:14:52 ----A---- C:\WINDOWS\System32\6.tmp
2002-01-18 09:14:31 ----D---- C:\WINDOWS\System32\Lang
2002-01-18 09:11:11 ----D---- C:\WINDOWS\System32\RTCOM
2002-01-18 09:05:25 ----A---- C:\WINDOWS\System32\ksuser.dll
2002-01-18 09:04:51 ----A---- C:\WINDOWS\System32\spupdsvc.exe
2002-01-18 09:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXP$
2002-01-18 09:04:42 ----A---- C:\WINDOWS\vncutil.exe
2002-01-18 09:04:42 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2002-01-18 09:04:41 ----A---- C:\WINDOWS\SkyTel.exe
2002-01-18 09:04:41 ----A---- C:\WINDOWS\RtlUpd.exe
2002-01-18 09:04:38 ----A---- C:\WINDOWS\System32\RtkCoInstXP.dll
2002-01-18 09:04:38 ----A---- C:\WINDOWS\RTLCPL.EXE
2002-01-18 09:04:38 ----A---- C:\WINDOWS\RtkAudioService.exe
2002-01-18 09:04:33 ----A---- C:\WINDOWS\RTHDCPL.EXE
2002-01-18 09:04:33 ----A---- C:\WINDOWS\MicCal.exe
2002-01-18 09:04:32 ----HD---- C:\Program Files\InstallShield Installation Information
2002-01-18 09:04:32 ----D---- C:\Program Files\Realtek
2002-01-18 09:04:32 ----A---- C:\WINDOWS\ALCWZRD.EXE
2002-01-18 09:04:32 ----A---- C:\WINDOWS\ALCMTR.EXE
2002-01-18 09:04:29 ----RA---- C:\WINDOWS\RtlExUpd.dll
2002-01-18 09:04:26 ----D---- C:\Program Files\Common Files\InstallShield
2002-01-17 10:53:26 ----D---- C:\Program Files\Windows
2002-01-17 10:53:23 ----A---- C:\WINDOWS\System32\winets.exe
2002-01-17 09:35:34 ----A---- C:\WINDOWS\System32\92.tmp
2002-01-17 09:35:31 ----A---- C:\WINDOWS\System32\91.tmp
2002-01-17 09:09:15 ----A---- C:\WINDOWS\System32\79.tmp
2002-01-17 09:09:14 ----A---- C:\WINDOWS\System32\78.tmp
2002-01-17 08:52:12 ----A---- C:\WINDOWS\System32\605369.exe
2002-01-17 08:50:56 ----A---- C:\WINDOWS\System32\61.tmp
2002-01-17 08:50:55 ----A---- C:\WINDOWS\System32\60.tmp
2002-01-17 08:22:05 ----A---- C:\WINDOWS\System32\B.tmp
2002-01-17 08:22:05 ----A---- C:\WINDOWS\System32\A.tmp
2002-01-17 08:22:04 ----A---- C:\WINDOWS\System32\2253076.exe
2002-01-15 23:32:12 ----A---- C:\WINDOWS\System32\11.tmp
2002-01-15 23:32:12 ----A---- C:\WINDOWS\System32\10.tmp
2002-01-15 19:37:08 ----SH---- C:\WINDOWS\System32\sm12v.exe
2002-01-15 03:13:19 ----A---- C:\WINDOWS\System32\wininit.dll
2002-01-15 02:15:24 ----A---- C:\xFI.exe
2002-01-15 02:10:06 ----A---- C:\WINDOWS\System32\fgjk4wvb.dll
2002-01-15 02:10:03 ----A---- C:\WINDOWS\System32\9439355.exe
2002-01-14 17:00:48 ----A---- C:\WINDOWS\System32\earcm.exe
2002-01-14 07:15:30 ----A---- C:\WINDOWS\System32\ciloy.exe
2002-01-14 07:12:14 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2002-01-14 07:12:13 ----D---- C:\Program Files\Yahoo!
2002-01-14 02:38:24 ----D---- C:\WINDOWS\System32\AGEIA
2002-01-14 02:38:24 ----D---- C:\Program Files\AGEIA Technologies
2002-01-14 02:28:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2002-01-14 02:27:46 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2002-01-14 02:27:19 ----D---- C:\WINDOWS\nview
2002-01-14 02:27:18 ----A---- C:\WINDOWS\System32\nvudisp.exe
2002-01-14 02:26:41 ----A---- C:\WINDOWS\System32\ssyqsw.exe
2002-01-14 02:26:39 ----A---- C:\WINDOWS\System32\WinRAR.dll
2002-01-14 02:26:38 ----A---- C:\WINDOWS\System32\332.exe
2002-01-14 02:26:36 ----A---- C:\WINDOWS\System32\rass32.exe
2002-01-14 02:26:34 ----A---- C:\WINDOWS\System32\QingYL.dll
2002-01-14 02:26:33 ----A---- C:\WINDOWS\System32\winnt.exe
2002-01-14 02:26:33 ----A---- C:\WINDOWS\System32\Sveran.exe
2002-01-14 02:26:32 ----RASH---- C:\WINDOWS\System32\W1NL0g0.exe
2002-01-14 02:26:02 ----D---- C:\NVIDIA
2002-01-14 02:25:46 ----A---- C:\WINDOWS\svchust.exe
2002-01-14 02:25:29 ----A---- C:\WINDOWS\svchost.exe
2002-01-14 02:25:18 ----A---- C:\WINDOWS\isvchost.exe
2002-01-14 02:22:28 ----SD---- C:\WINDOWS\System32\Microsoft
2002-01-14 02:21:38 ----D---- C:\Documents and Settings\gela\Application Data\Macromedia
2002-01-14 02:21:38 ----D---- C:\Documents and Settings\gela\Application Data\Adobe
2002-01-09 22:41:50 ----A---- C:\RootRepeal report 01-09-02 (22-41-50).txt
2002-01-09 22:37:27 ----A---- C:\RootRepeal report 01-09-02 (22-37-27).txt
2002-01-09 00:19:42 ----D---- C:\Qoobox
2002-01-09 00:03:45 ----D---- C:\Documents and Settings\gela\Application Data\Mozilla
2002-01-09 00:03:38 ----D---- C:\Program Files\Mozilla Firefox
2002-01-08 23:40:38 ----A---- C:\WINDOWS\System32\flags.ini
2002-01-08 23:27:11 ----A---- C:\WINDOWS\System32\5613779.exe
2002-01-08 23:19:20 ----SHD---- C:\RECYCLER
2002-01-08 22:56:45 ----D---- C:\Program Files\Protection System
2002-01-08 22:56:45 ----A---- C:\WINDOWS\sc.exe
2002-01-08 22:56:16 ----RA---- C:\WINDOWS\System32\fdco1ins.dll
2002-01-08 22:56:16 ----RA---- C:\WINDOWS\System32\fdco1.dll
2002-01-08 22:56:14 ----A---- C:\WINDOWS\System32\nvunrm.exe
2002-01-08 22:56:14 ----A---- C:\WINDOWS\System32\nvuninst.exe
2002-01-08 22:56:13 ----RA---- C:\WINDOWS\System32\nvconrm.dll
2002-01-08 22:56:13 ----RA---- C:\WINDOWS\System32\bdco1ins.dll
2002-01-08 22:56:13 ----RA---- C:\WINDOWS\System32\bdco1.dll
2002-01-08 22:51:55 ----D---- C:\WINDOWS\pss
2002-01-08 15:15:10 ----SHD---- C:\WINDOWS\Installer
2002-01-08 15:15:07 ----D---- C:\Documents and Settings\gela\Application Data\Identities
2002-01-08 15:15:02 ----HD---- C:\Program Files\Uninstall Information
2002-01-08 15:14:47 ----SD---- C:\Documents and Settings\gela\Application Data\Microsoft
2002-01-08 15:14:47 ----ASH---- C:\Documents and Settings\gela\Application Data\desktop.ini
2002-01-08 15:12:40 ----SHD---- C:\System Volume Information
2002-01-08 15:12:32 ----D---- C:\WINDOWS\Prefetch
2002-01-08 15:12:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2002-01-08 07:11:59 ----D---- C:\WINDOWS\System32\xircom
2002-01-08 07:11:59 ----D---- C:\Program Files\xerox
2002-01-08 07:11:59 ----D---- C:\Program Files\microsoft frontpage
2002-01-08 07:10:14 ----A---- C:\WINDOWS\control.ini
2002-01-08 07:10:14 ----A---- C:\AUTOEXEC.BAT
2002-01-08 07:10:06 ----A---- C:\WINDOWS\OEWABLog.txt
2002-01-08 07:09:51 ----A---- C:\WINDOWS\System32\mapi32.dll
2002-01-08 07:08:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2002-01-08 07:08:23 ----RD---- C:\WINDOWS\Offline Web Pages
2002-01-08 07:08:23 ----RAH---- C:\WINDOWS\System32\logonui.exe.manifest
2002-01-08 07:08:10 ----RAH---- C:\WINDOWS\System32\cdplayer.exe.manifest
2002-01-08 07:07:30 ----D---- C:\WINDOWS\System32\DirectX
2002-01-08 07:06:52 ----A---- C:\WINDOWS\System32\safrslv.dll
2002-01-08 07:06:52 ----A---- C:\WINDOWS\System32\safrdm.dll
2002-01-08 07:06:52 ----A---- C:\WINDOWS\System32\safrcdlg.dll
2002-01-08 07:06:52 ----A---- C:\WINDOWS\System32\racpldlg.dll
2002-01-08 07:06:52 ----A---- C:\WINDOWS\System32\atrace.dll
2002-01-08 07:06:49 ----A---- C:\WINDOWS\System32\desktop.ini
2002-01-08 07:06:49 ----A---- C:\WINDOWS\desktop.ini
2002-01-08 07:06:40 ----A---- C:\WINDOWS\System32\nmevtmsg.dll
2002-01-08 07:06:40 ----A---- C:\WINDOWS\System32\mnmsrvc.exe
2002-01-08 07:06:40 ----A---- C:\WINDOWS\System32\isrdbg32.dll
2002-01-08 07:06:38 ----D---- C:\Program Files\Common Files\Services
2002-01-08 07:06:38 ----A---- C:\WINDOWS\System32\acctres.dll
2002-01-08 07:06:36 ----A---- C:\WINDOWS\System32\inetres.dll
2002-01-08 07:06:31 ----SD---- C:\WINDOWS\Tasks
2002-01-08 07:06:30 ----A---- C:\WINDOWS\System32\isign32.dll
2002-01-08 07:06:30 ----A---- C:\WINDOWS\System32\inetcfg.dll
2002-01-08 07:06:30 ----A---- C:\WINDOWS\System32\icwphbk.dll
2002-01-08 07:06:30 ----A---- C:\WINDOWS\System32\icwdial.dll
2002-01-08 07:06:30 ----A---- C:\WINDOWS\System32\icfgnt5.dll
2002-01-08 07:06:26 ----D---- C:\Program Files\Common Files\MSSoap
2002-01-08 07:06:20 ----D---- C:\WINDOWS\srchasst
2002-01-08 07:06:19 ----D---- C:\WINDOWS\System32\Macromed
2002-01-08 07:06:18 ----A---- C:\WINDOWS\System32\qmgrprxy.dll
2002-01-08 07:06:18 ----A---- C:\WINDOWS\System32\qmgr.dll
2002-01-08 07:06:17 ----D---- C:\Program Files\Movie Maker
2002-01-08 07:06:12 ----D---- C:\WINDOWS\PCHealth
2002-01-08 07:06:11 ----D---- C:\WINDOWS\System32\Restore
2002-01-08 07:06:11 ----A---- C:\WINDOWS\System32\srsvc.dll
2002-01-08 07:06:11 ----A---- C:\WINDOWS\System32\srrstr.dll
2002-01-08 07:06:11 ----A---- C:\WINDOWS\System32\srclient.dll
2002-01-08 07:06:10 ----A---- C:\WINDOWS\System32\nmmkcert.dll
2002-01-08 07:06:10 ----A---- C:\WINDOWS\System32\msconf.dll
2002-01-08 07:06:10 ----A---- C:\WINDOWS\System32\mnmdd.dll
2002-01-08 07:06:10 ----A---- C:\WINDOWS\System32\ils.dll
2002-01-08 07:06:07 ----D---- C:\Program Files\NetMeeting
2002-01-08 07:06:07 ----A---- C:\WINDOWS\System32\msoert2.dll
2002-01-08 07:06:07 ----A---- C:\WINDOWS\System32\msoeacct.dll
2002-01-08 07:06:06 ----A---- C:\WINDOWS\System32\inetcomm.dll
2002-01-08 07:06:05 ----D---- C:\Program Files\Outlook Express
2002-01-08 07:06:05 ----A---- C:\WINDOWS\System32\schedsvc.dll
2002-01-08 07:06:05 ----A---- C:\WINDOWS\System32\mstinit.exe
2002-01-08 07:06:05 ----A---- C:\WINDOWS\System32\mstask.dll
2002-01-08 07:06:00 ----D---- C:\Program Files\Common Files\System
2002-01-08 07:05:56 ----D---- C:\Program Files\Internet Explorer
2002-01-08 07:05:13 ----D---- C:\Program Files\ComPlus Applications
2002-01-08 07:05:10 ----A---- C:\WINDOWS\vbaddin.ini
2002-01-08 07:05:10 ----A---- C:\WINDOWS\vb.ini
2002-01-08 07:05:01 ----D---- C:\WINDOWS\Registration
2002-01-08 07:04:46 ----HD---- C:\Program Files\WindowsUpdate
2002-01-08 07:04:46 ----D---- C:\Program Files\Online Services
2002-01-08 07:04:45 ----D---- C:\Program Files\Windows Media Player
2002-01-08 07:04:37 ----D---- C:\Program Files\Messenger
2002-01-08 07:04:30 ----D---- C:\Program Files\MSN Gaming Zone
2002-01-08 07:04:30 ----A---- C:\WINDOWS\System32\write.exe
2002-01-08 07:04:12 ----A---- C:\WINDOWS\System32\sndvol32.exe
2002-01-08 07:04:12 ----A---- C:\WINDOWS\System32\sndrec32.exe
2002-01-08 07:04:12 ----A---- C:\WINDOWS\System32\hypertrm.dll
2002-01-08 07:04:12 ----A---- C:\WINDOWS\System32\accwiz.exe
2002-01-08 07:04:11 ----A---- C:\WINDOWS\System32\hticons.dll
2002-01-08 07:04:11 ----A---- C:\WINDOWS\System32\avwav.dll
2002-01-08 07:04:11 ----A---- C:\WINDOWS\System32\avtapi.dll
2002-01-08 07:04:11 ----A---- C:\WINDOWS\System32\avmeter.dll
2002-01-08 07:04:10 ----A---- C:\WINDOWS\System32\winchat.exe
2002-01-08 07:03:59 ----A---- C:\WINDOWS\System32\getuname.dll
2002-01-08 07:03:58 ----A---- C:\WINDOWS\System32\sol.exe
2002-01-08 07:03:58 ----A---- C:\WINDOWS\System32\charmap.exe
2002-01-08 07:03:58 ----A---- C:\WINDOWS\System32\calc.exe
2002-01-08 07:03:57 ----A---- C:\WINDOWS\System32\winmine.exe
2002-01-08 07:03:57 ----A---- C:\WINDOWS\System32\mshearts.exe
2002-01-08 07:03:57 ----A---- C:\WINDOWS\System32\freecell.exe
2002-01-08 07:03:56 ----A---- C:\WINDOWS\System32\usrlogon.cmd
2002-01-08 07:03:56 ----A---- C:\WINDOWS\System32\tsshutdn.exe
2002-01-08 07:03:56 ----A---- C:\WINDOWS\System32\tslabels.ini
2002-01-08 07:03:56 ----A---- C:\WINDOWS\System32\tskill.exe
2002-01-08 07:03:56 ----A---- C:\WINDOWS\System32\reset.exe
2002-01-08 07:03:56 ----A---- C:\WINDOWS\System32\rdshost.exe
2002-01-08 07:03:55 ----A---- C:\WINDOWS\System32\tsdiscon.exe
2002-01-08 07:03:55 ----A---- C:\WINDOWS\System32\tscon.exe
2002-01-08 07:03:55 ----A---- C:\WINDOWS\System32\shadow.exe
2002-01-08 07:03:55 ----A---- C:\WINDOWS\System32\rwinsta.exe
2002-01-08 07:03:55 ----A---- C:\WINDOWS\System32\regini.exe
2002-01-08 07:03:55 ----A---- C:\WINDOWS\System32\rdpcfgex.dll
2002-01-08 07:03:55 ----A---- C:\WINDOWS\System32\qwinsta.exe
2002-01-08 07:03:55 ----A---- C:\WINDOWS\System32\qprocess.exe
2002-01-08 07:03:54 ----A---- C:\WINDOWS\System32\qappsrv.exe
2002-01-08 07:03:54 ----A---- C:\WINDOWS\System32\msg.exe
2002-01-08 07:03:54 ----A---- C:\WINDOWS\System32\msdtcuiu.dll
2002-01-08 07:03:54 ----A---- C:\WINDOWS\System32\logoff.exe
2002-01-08 07:03:54 ----A---- C:\WINDOWS\System32\cdmodem.dll
2002-01-08 07:03:53 ----A---- C:\WINDOWS\System32\xolehlp.dll
2002-01-08 07:03:53 ----A---- C:\WINDOWS\System32\mtxoci.dll
2002-01-08 07:03:53 ----A---- C:\WINDOWS\System32\msdtctm.dll
2002-01-08 07:03:53 ----A---- C:\WINDOWS\System32\msdtcprf.ini
2002-01-08 07:03:53 ----A---- C:\WINDOWS\System32\msdtclog.dll
2002-01-08 07:03:52 ----A---- C:\WINDOWS\System32\msdtc.exe
2002-01-08 07:03:51 ----A---- C:\WINDOWS\System32\mtxlegih.dll
2002-01-08 07:03:51 ----A---- C:\WINDOWS\System32\mtxex.dll
2002-01-08 07:03:51 ----A---- C:\WINDOWS\System32\mtxdm.dll
2002-01-08 07:03:51 ----A---- C:\WINDOWS\System32\dcomcnfg.exe
2002-01-08 07:03:50 ----A---- C:\WINDOWS\System32\stclient.dll
2002-01-08 07:03:50 ----A---- C:\WINDOWS\System32\comrepl.dll
2002-01-08 07:03:50 ----A---- C:\WINDOWS\System32\comaddin.dll
2002-01-08 07:03:50 ----A---- C:\WINDOWS\System32\colbact.dll
2002-01-08 07:03:50 ----A---- C:\WINDOWS\System32\clbcatex.dll
2002-01-08 07:03:50 ----A---- C:\WINDOWS\System32\catsrvps.dll
2002-01-08 07:03:49 ----A---- C:\WINDOWS\System32\comuid.dll
2002-01-08 07:03:49 ----A---- C:\WINDOWS\System32\comsnap.dll
2002-01-08 07:03:49 ----A---- C:\WINDOWS\System32\clbcatq.dll
2002-01-08 07:03:49 ----A---- C:\WINDOWS\System32\catsrv.dll
2002-01-08 07:03:35 ----A---- C:\WINDOWS\System32\wmimgmt.msc
2002-01-08 07:03:34 ----A---- C:\WINDOWS\System32\servdeps.dll
2002-01-08 07:03:34 ----A---- C:\WINDOWS\System32\mmfutil.dll
2002-01-08 07:03:34 ----A---- C:\WINDOWS\System32\cmprops.dll
2002-01-08 07:03:27 ----D---- C:\Program Files\Windows NT
2002-01-08 07:03:27 ----D---- C:\Program Files\MSN
2002-01-08 07:03:27 ----A---- C:\WINDOWS\System32\mplay32.exe
2002-01-08 07:03:26 ----A---- C:\WINDOWS\System32\wuaueng.dll
2002-01-08 07:03:26 ----A---- C:\WINDOWS\System32\spider.exe
2002-01-08 07:03:26 ----A---- C:\WINDOWS\System32\mspaint.exe
2002-01-08 07:03:26 ----A---- C:\WINDOWS\System32\clipbrd.exe
2002-01-08 07:03:25 ----A---- C:\WINDOWS\System32\wuauserv.dll
2002-01-08 07:03:25 ----A---- C:\WINDOWS\System32\tscfgwmi.dll
2002-01-08 07:03:24 ----A---- C:\WINDOWS\System32\sessmgr.exe
2002-01-08 07:03:24 ----A---- C:\WINDOWS\System32\remotepg.dll
2002-01-08 07:03:24 ----A---- C:\WINDOWS\System32\rdsaddin.exe
2002-01-08 07:03:24 ----A---- C:\WINDOWS\System32\rdchost.dll
2002-01-08 07:03:24 ----A---- C:\WINDOWS\System32\mstscax.dll
2002-01-08 07:03:24 ----A---- C:\WINDOWS\System32\mstsc.exe
2002-01-08 07:03:23 ----A---- C:\WINDOWS\System32\tscupgrd.exe
2002-01-08 07:03:23 ----A---- C:\WINDOWS\System32\termsrv.dll
2002-01-08 07:03:23 ----A---- C:\WINDOWS\System32\rdpwsx.dll
2002-01-08 07:03:23 ----A---- C:\WINDOWS\System32\rdpsnd.dll
2002-01-08 07:03:23 ----A---- C:\WINDOWS\System32\rdpclip.exe
2002-01-08 07:03:23 ----A---- C:\WINDOWS\System32\icaapi.dll
2002-01-08 07:03:23 ----A---- C:\WINDOWS\System32\cfgbkend.dll
2002-01-08 07:03:22 ----D---- C:\WINDOWS\System32\MsDtc
2002-01-08 07:03:22 ----D---- C:\WINDOWS\System32\Com
2002-01-08 07:03:22 ----A---- C:\WINDOWS\System32\msdtcprx.dll
2002-01-08 07:03:22 ----A---- C:\WINDOWS\System32\catsrvut.dll
2002-01-08 07:03:21 ----A---- C:\WINDOWS\System32\comsvcs.dll
2002-01-08 07:03:17 ----A---- C:\WINDOWS\System32\licwmi.dll
2002-01-08 02:01:52 ----A---- C:\WINDOWS\System32\h323log.txt
2002-01-08 01:39:36 ----A---- C:\WINDOWS\System32\usbui.dll
2002-01-08 01:37:57 ----A---- C:\WINDOWS\imsins.BAK
2002-01-08 01:37:52 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI
2002-01-08 01:37:50 ----D---- C:\Program Files\Common Files\ODBC
2002-01-08 01:37:50 ----A---- C:\WINDOWS\ODBCINST.INI
2002-01-08 01:37:47 ----D---- C:\Program Files\Common Files\SpeechEngines
2002-01-08 01:37:46 ----RD---- C:\Program Files
2002-01-08 01:37:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2002-01-08 01:37:46 ----D---- C:\Program Files\Common Files
2002-01-08 01:37:43 ----RA---- C:\WINDOWS\System32\kbdtuq.dll
2002-01-08 01:37:43 ----RA---- C:\WINDOWS\System32\kbdtuf.dll
2002-01-08 01:37:43 ----RA---- C:\WINDOWS\System32\kbdazel.dll
2002-01-08 01:37:40 ----RA---- C:\WINDOWS\System32\kbdtat.dll
2002-01-08 01:37:40 ----RA---- C:\WINDOWS\System32\kbdmon.dll
2002-01-08 01:37:40 ----RA---- C:\WINDOWS\System32\kbdkyr.dll
2002-01-08 01:37:40 ----RA---- C:\WINDOWS\System32\kbdaze.dll
2002-01-08 01:37:39 ----RA---- C:\WINDOWS\System32\kbdycc.dll
2002-01-08 01:37:39 ----RA---- C:\WINDOWS\System32\kbduzb.dll
2002-01-08 01:37:39 ----RA---- C:\WINDOWS\System32\kbdur.dll
2002-01-08 01:37:39 ----RA---- C:\WINDOWS\System32\kbdru1.dll
2002-01-08 01:37:39 ----RA---- C:\WINDOWS\System32\kbdru.dll
2002-01-08 01:37:39 ----RA---- C:\WINDOWS\System32\kbdkaz.dll
2002-01-08 01:37:39 ----RA---- C:\WINDOWS\System32\kbdbu.dll
2002-01-08 01:37:39 ----RA---- C:\WINDOWS\System32\kbdblr.dll
2002-01-08 01:37:38 ----RA---- C:\WINDOWS\System32\kbdhept.dll
2002-01-08 01:37:38 ----RA---- C:\WINDOWS\System32\kbdhela3.dll
2002-01-08 01:37:38 ----RA---- C:\WINDOWS\System32\kbdhela2.dll
2002-01-08 01:37:38 ----RA---- C:\WINDOWS\System32\kbdhe319.dll
2002-01-08 01:37:38 ----RA---- C:\WINDOWS\System32\kbdhe220.dll
2002-01-08 01:37:38 ----RA---- C:\WINDOWS\System32\kbdhe.dll
2002-01-08 01:37:38 ----RA---- C:\WINDOWS\System32\kbdgkl.dll
2002-01-08 01:37:36 ----RA---- C:\WINDOWS\System32\kbdlv1.dll
2002-01-08 01:37:36 ----RA---- C:\WINDOWS\System32\kbdlv.dll
2002-01-08 01:37:36 ----RA---- C:\WINDOWS\System32\kbdlt1.dll
2002-01-08 01:37:36 ----RA---- C:\WINDOWS\System32\kbdlt.dll
2002-01-08 01:37:36 ----RA---- C:\WINDOWS\System32\kbdest.dll
2002-01-08 01:37:35 ----RA---- C:\WINDOWS\System32\kbdycl.dll
2002-01-08 01:37:35 ----RA---- C:\WINDOWS\System32\kbdsl1.dll
2002-01-08 01:37:35 ----RA---- C:\WINDOWS\System32\kbdsl.dll
2002-01-08 01:37:35 ----RA---- C:\WINDOWS\System32\kbdro.dll
2002-01-08 01:37:35 ----RA---- C:\WINDOWS\System32\kbdpl1.dll
2002-01-08 01:37:35 ----RA---- C:\WINDOWS\System32\kbdpl.dll
2002-01-08 01:37:35 ----RA---- C:\WINDOWS\System32\kbdhu1.dll
2002-01-08 01:37:35 ----RA---- C:\WINDOWS\System32\kbdhu.dll
2002-01-08 01:37:35 ----RA---- C:\WINDOWS\System32\kbdcz2.dll
2002-01-08 01:37:35 ----RA---- C:\WINDOWS\System32\kbdcz1.dll
2002-01-08 01:37:35 ----RA---- C:\WINDOWS\System32\kbdcz.dll
2002-01-08 01:37:35 ----RA---- C:\WINDOWS\System32\kbdcr.dll
2002-01-08 01:37:35 ----RA---- C:\WINDOWS\System32\KBDAL.DLL
2002-01-08 01:37:32 ----A---- C:\WINDOWS\System32\spxcoins.dll
2002-01-08 01:37:32 ----A---- C:\WINDOWS\System32\irclass.dll
2002-01-08 01:37:32 ----A---- C:\WINDOWS\System32\EqnClass.Dll
2002-01-08 01:37:32 ----A---- C:\WINDOWS\System32\dgsetup.dll
2002-01-08 01:37:32 ----A---- C:\WINDOWS\System32\dgrpsetu.dll
2002-01-08 01:37:29 ----A---- C:\WINDOWS\TASKMAN.EXE
2002-01-08 01:37:29 ----A---- C:\WINDOWS\System32\batt.dll
2002-01-08 01:37:29 ----A---- C:\WINDOWS\NOTEPAD.EXE
2002-01-08 01:37:28 ----A---- C:\WINDOWS\System32\storprop.dll
2002-01-08 01:37:20 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2002-01-08 01:36:47 ----RA---- C:\WINDOWS\SET7.tmp
2002-01-08 01:36:43 ----RA---- C:\WINDOWS\SET3.tmp
2002-01-08 01:36:34 ----D---- C:\WINDOWS\System32\CatRoot2
2002-01-08 01:36:34 ----D---- C:\WINDOWS\System32\CatRoot
2002-01-08 01:36:28 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2002-01-08 01:36:07 ----A---- C:\WINDOWS\setuplog.txt
2002-01-08 01:36:03 ----D---- C:\Documents and Settings
2002-01-08 01:35:08 ----SH---- C:\boot.ini
2002-01-08 01:30:58 ----RSHDC---- C:\WINDOWS\System32\dllcache
2002-01-08 01:30:58 ----RSD---- C:\WINDOWS\Fonts
2002-01-08 01:30:58 ----RD---- C:\WINDOWS\Web
2002-01-08 01:30:58 ----HD---- C:\WINDOWS\inf
2002-01-08 01:30:58 ----D---- C:\WINDOWS\WinSxS
2002-01-08 01:30:58 ----D---- C:\WINDOWS\twain_32
2002-01-08 01:30:58 ----D---- C:\WINDOWS\Temp
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\wins
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\wbem
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\usmt
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\spool
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\ShellExt
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\Setup
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\ras
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\oobe
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\npp
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\mui
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\inetsrv
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\IME
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\icsxml
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\ias
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\export
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\drivers
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\dhcp
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\config
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\3com_dmi
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\3076
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\2052
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\1054
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\1042
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\1041
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\1037
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\1033
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\1031
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\1028
2002-01-08 01:30:58 ----D---- C:\WINDOWS\System32\1025
2002-01-08 01:30:58 ----D---- C:\WINDOWS\system32
2002-01-08 01:30:58 ----D---- C:\WINDOWS\system
2002-01-08 01:30:58 ----D---- C:\WINDOWS\security
2002-01-08 01:30:58 ----D---- C:\WINDOWS\Resources
2002-01-08 01:30:58 ----D---- C:\WINDOWS\repair
2002-01-08 01:30:58 ----D---- C:\WINDOWS\mui
2002-01-08 01:30:58 ----D---- C:\WINDOWS\msapps
2002-01-08 01:30:58 ----D---- C:\WINDOWS\msagent
2002-01-08 01:30:58 ----D---- C:\WINDOWS\Media
2002-01-08 01:30:58 ----D---- C:\WINDOWS\java
2002-01-08 01:30:58 ----D---- C:\WINDOWS\ime
2002-01-08 01:30:58 ----D---- C:\WINDOWS\Help
2002-01-08 01:30:58 ----D---- C:\WINDOWS\Driver Cache
2002-01-08 01:30:58 ----D---- C:\WINDOWS\Debug
2002-01-08 01:30:58 ----D---- C:\WINDOWS\Cursors
2002-01-08 01:30:58 ----D---- C:\WINDOWS\Connection Wizard
2002-01-08 01:30:58 ----D---- C:\WINDOWS\Config
2002-01-08 01:30:58 ----D---- C:\WINDOWS\AppPatch
2002-01-08 01:30:58 ----D---- C:\WINDOWS\addins
2002-01-08 01:30:58 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\wowfaxui.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\wowfax.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usrvpa.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usrvoica.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usrv80a.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usrv42a.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usrsvpia.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usrshuta.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usrsdpia.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usrrtosa.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usrprbda.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usrmlnka.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usrlbva.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usrfaxa.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usrdtea.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usrdpa.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usrcoina.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\usrcntra.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\tsbyuv.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\streamci.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sprio800.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\sprio600.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\spnike.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\pjlmon.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\paqsp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\msyuv.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\mdwmdmsp.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\iyuv_32.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\hid.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\dvdplay.exe
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\dmutil.dll
2003-03-31 07:00:00 ----A---- C:\WINDOWS\System32\cnbjmon.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-03-31 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-01-06 4968448]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-02-09 6307328]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2008-01-29 54016]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2008-01-29 22016]
R3 tcpsr;tcpsr; \??\C:\WINDOWS\System32\drivers\tcpsr.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-03-31 19328]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-03-31 51968]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2003-03-31 15744]
S3 daqdrv;daqdrv; \??\C:\WINDOWS\System32\daqdrv.sys []
S3 pxtdqpow;pxtdqpow; \??\C:\DOCUME~1\gela\LOCALS~1\Temp\pxtdqpow.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2003-03-31 69248]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BtwSrv;BtwSrv; C:\WINDOWS\system32\svchost.exe [2003-03-31 12800]
R2 fastnetsrv;fastnetsrv Service; C:\WINDOWS\System32\FastNetSrv.exe [2003-03-31 64000]
R2 Iprip;MicroSoft Protected Network; C:\WINDOWS\System32\svchost.exe [2003-03-31 12800]
R2 NationalSer1.5;National Instruments Domain Service1.5; C:\WINDOWS\System32\ciloy.exe [2002-01-14 55296]
R2 NetLogin;Net Login; C:\WINDOWS\svchost.exe [2002-01-17 1169408]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2009-02-09 184320]
R2 Nwsapagent;Network Security; C:\WINDOWS\System32\svchost.exe [2003-03-31 12800]
R2 winlogin;winlogin; C:\WINDOWS\System32\svchost.exe [2003-03-31 12800]
S2 Description;Description; C:\WINDOWS\System32\earcm.exe [2002-01-19 33280]
S2 Nationalbbs;Nationalkjj Instruments Domain Service; C:\WINDOWS\System32\ssyqsw.exe [2002-01-14 275414]
S2 Net_Login;Net_Login; C:\WINDOWS\svchust.exe [2002-01-17 745950]
S2 smssv.exe;smssv.exe; C:\WINDOWS\System32\sm12v.exe [2002-01-15 52224]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2002-01-19 23:47:36

======Uninstall list======

-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers-->C:\WINDOWS\System32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======System event log======

Computer Name: GEL
Event Code: 52
Message: The driver has detected that device \Device\Harddisk0\DR0 has predicted that it will fail.
Immediately back up your data and replace your hard disk drive. A failure
may be imminent.

Record Number: 82
Source Name: Disk
Time Written: 20020108235343.000000-300
Event Type: warning
User:

Computer Name: GEL
Event Code: 1073
Message: The attempt to reboot GEL failed

Record Number: 81
Source Name: USER32
Time Written: 20020108233755.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: GEL
Event Code: 34
Message: The time service has detected that the system time needs to be
changed by +246990542 seconds. The time service will not change the system
time by more than +54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->207.46.232.182:123) is working properly.

Record Number: 74
Source Name: W32Time
Time Written: 20020108225643.000000-300
Event Type: error
User:

Computer Name: GEL
Event Code: 4311
Message: Initialization failed because the driver device could not be created.

Record Number: 73
Source Name: NetBT
Time Written: 20020108225623.000000-300
Event Type: error
User:

Computer Name: GEL
Event Code: 52
Message: The driver has detected that device \Device\Harddisk0\DR0 has predicted that it will fail.
Immediately back up your data and replace your hard disk drive. A failure
may be imminent.

Record Number: 6
Source Name: Disk
Time Written: 20020108151233.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: GEL
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 0x8ca

Record Number: 27
Source Name: crypt32
Time Written: 20020109013103.000000-300
Event Type: error
User:

Computer Name: GEL
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 0x8ca

Record Number: 26
Source Name: crypt32
Time Written: 20020109013103.000000-300
Event Type: error
User:

Computer Name: GEL
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 0x8ca

Record Number: 25
Source Name: crypt32
Time Written: 20020109013103.000000-300
Event Type: error
User:

Computer Name: GEL
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 0x2ee7

Record Number: 24
Source Name: crypt32
Time Written: 20020109013103.000000-300
Event Type: error
User:

Computer Name: GEL
Event Code: 1005
Message: Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 30 days.


Record Number: 20
Source Name: Windows Product Activation
Time Written: 20020108151449.000000-300
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

#6 schrauber

Posted 18 November 2009 - 12:34 AM

Hi,



One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards.






Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\WINDOWS\System32\reader_s.exe
C:\Documents and Settings\gela\reader_s.exe
C:\WINDOWS\System32\nwiz.exe
C:\WINDOWS\System32\svchost.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 budigans

Posted 21 November 2009 - 11:23 PM

C:\WINDOWS\System32\reader_s.exe

Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.11.21 Trojan-Downloader.Win32.Cutwail!IK
AhnLab-V3 5.0.0.2 2009.11.20 Win32/Parite
AntiVir 7.9.1.72 2009.11.20 W32/Parite
Antiy-AVL 2.0.3.7 2009.11.20 Virus/Win32.Parite.b.gen
Authentium 5.2.0.5 2009.11.21 W32/Parite.B
Avast 4.8.1351.0 2009.11.21 Win32:Parite
AVG 8.5.0.425 2009.11.21 Win32/Parite
BitDefender 7.2 2009.11.22 Win32.Parite.B
CAT-QuickHeal 10.00 2009.11.21 W32.Perite.B
ClamAV 0.94.1 2009.11.22 W32.Parite.B
Comodo 2992 2009.11.22 Virus.Win32.Parite.~B
DrWeb 5.0.0.12182 2009.11.22 Trojan.DownLoad.37236
eSafe 7.0.17.0 2009.11.19 Win32_Parite_B
eTrust-Vet 35.1.7133 2009.11.20 Win32/Pinfi.A
F-Prot 4.5.1.85 2009.11.21 W32/Backdoor2.GCUD
F-Secure 9.0.15370.0 2009.11.20 Win32.Parite.B
Fortinet 3.120.0.0 2009.11.21 W32/Parite.B
GData 19 2009.11.22 Win32.Parite.B
Ikarus T3.1.1.74.0 2009.11.21 Trojan-Downloader.Win32.Cutwail
Jiangmin 11.0.800 2009.11.21 Win32/Parite.b
K7AntiVirus 7.10.901 2009.11.20 Virus.Win32.Parite.a
Kaspersky 7.0.0.125 2009.11.22 Backdoor.Win32.Small.zv
McAfee 5809 2009.11.21 W32/Pate.b
McAfee+Artemis 5809 2009.11.21 W32/Pate.b
McAfee-GW-Edition 6.8.5 2009.11.21 Win32.Parite
Microsoft 1.5302 2009.11.21 Virus:Win32/Parite.B
NOD32 4627 2009.11.21 Win32/Parite.B
Norman 6.03.02 2009.11.21 W32/Pinfi.A
nProtect 2009.1.8.0 2009.11.22 -
Panda 10.0.2.2 2009.11.21 W32/Parite.B
PCTools 7.0.3.5 2009.11.21 Win32.Parite.B
Prevx 3.0 2009.11.22 -
Rising 22.22.06.01 2009.11.22 Win32.Parite.b
Sophos 4.47.0 2009.11.22 W32/Parite-B
Sunbelt 3.2.1858.2 2009.11.21 Win32.Parite.b (v)
Symantec 1.4.4.12 2009.11.22 W32.Pinfi
TheHacker 6.5.0.2.075 2009.11.20 W32/Pate.B
TrendMicro 9.0.0.1003 2009.11.22 PE_PARITE.A
VBA32 3.12.12.0 2009.11.22 Win32.Parite.B
ViRobot 2009.11.20.2047 2009.11.20 Backdoor.Win32.Small.51712.C
VirusBuster 5.0.21.0 2009.11.21 Win32.Parite.B
Additional information
File size: 248278 bytes
MD5...: bfff78c90da9deb5da95875849576ef7
SHA1..: 1ad6f600dec88e69ec0e127806e3b0511d681ff0
SHA256: 3881074fe165e799d784d4055d95e7b91744a64c69594b2a23171925c2fac284
ssdeep: 6144:9pR/EMXNHOh+Q1j/hNktU9siHua01BLkC6Sn1n:/HOwQ1j/I+luakkCx1
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x21000
timedatestamp.....: 0x268869da (Wed Jun 27 08:10:02 1990)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5a8c 0x5c00 1.18 09b813677e942756884f78124fb10ee8
.rdata 0x7000 0x13bf 0x1400 7.10 0f7fb38fae2bcd489de3ac73e016479f
.data 0x9000 0xc000 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x15000 0x6ec 0x800 3.38 41e7cd04b9fba69650e2f16e3b6feae2
.tls 0x16000 0x250 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.edata 0x17000 0x9800 0x9400 7.90 b7e222f6bd23290e80c2acfbdbfa6b97
.khe 0x21000 0x1000 0x600 6.88 099c11fc5707391781da0474d4e062d7

( 3 imports )
> MSVCRT.dll: _atoi64, _chdir, _assert, _access
> OLEAUT32.dll: SafeArraySetRecordInfo, CreateStdDispatch, VarNumFromParseNum, SafeArraySetIID
> KERNEL32.dll: LoadLibraryA, GetProcAddress, VirtualAlloc, GetModuleHandleA, ExitProcess, LockResource

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
sigcheck:
publisher....: InstallShield Software Corporation
copyright....: Copyright© 1990-1998 InstallShield Software Corporation, Phone: (847) 240-9111
product......: InstallShield_
description..: 32-bit Setup Launcher
original name: n/a
internal name: n/a
file version.: 5, 50, 137, 0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

#8 budigans

Posted 21 November 2009 - 11:26 PM

C:\Documents and Settings\gela\reader_s.exe

Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.11.21 Trojan-Downloader.Win32.Cutwail!IK
AhnLab-V3 5.0.0.2 2009.11.20 Win32/Parite
AntiVir 7.9.1.72 2009.11.20 W32/Parite
Antiy-AVL 2.0.3.7 2009.11.20 Virus/Win32.Parite.b.gen
Authentium 5.2.0.5 2009.11.21 W32/Parite.B
Avast 4.8.1351.0 2009.11.21 Win32:Parite
AVG 8.5.0.425 2009.11.21 Win32/Parite
BitDefender 7.2 2009.11.22 Win32.Parite.B
CAT-QuickHeal 10.00 2009.11.21 W32.Perite.B
ClamAV 0.94.1 2009.11.22 W32.Parite.B
Comodo 2993 2009.11.22 Virus.Win32.Parite.~B
DrWeb 5.0.0.12182 2009.11.22 Trojan.DownLoad.37236
eSafe 7.0.17.0 2009.11.19 Win32_Parite_B
eTrust-Vet 35.1.7133 2009.11.20 Win32/Pinfi.A
F-Prot 4.5.1.85 2009.11.21 W32/Backdoor2.GCUD
F-Secure 9.0.15370.0 2009.11.20 Win32.Parite.B
Fortinet 3.120.0.0 2009.11.21 W32/Parite.B
GData 19 2009.11.22 Win32.Parite.B
Ikarus T3.1.1.74.0 2009.11.21 Trojan-Downloader.Win32.Cutwail
Jiangmin 11.0.800 2009.11.21 Win32/Parite.b
K7AntiVirus 7.10.901 2009.11.20 Virus.Win32.Parite.a
Kaspersky 7.0.0.125 2009.11.22 Backdoor.Win32.Small.zv
McAfee 5809 2009.11.21 W32/Pate.b
McAfee+Artemis 5809 2009.11.21 W32/Pate.b
McAfee-GW-Edition 6.8.5 2009.11.21 Win32.Parite
Microsoft 1.5302 2009.11.21 Virus:Win32/Parite.B
NOD32 4627 2009.11.21 Win32/Parite.B
Norman 6.03.02 2009.11.21 W32/Pinfi.A
nProtect 2009.1.8.0 2009.11.22 -
Panda 10.0.2.2 2009.11.21 W32/Parite.B
PCTools 7.0.3.5 2009.11.21 Win32.Parite.B
Prevx 3.0 2009.11.22 -
Rising 22.22.06.01 2009.11.22 Win32.Parite.b
Sophos 4.47.0 2009.11.22 W32/Parite-B
Sunbelt 3.2.1858.2 2009.11.21 Win32.Parite.b (v)
Symantec 1.4.4.12 2009.11.22 W32.Pinfi
TheHacker 6.5.0.2.075 2009.11.20 W32/Pate.B
TrendMicro 9.0.0.1003 2009.11.22 PE_PARITE.A
VBA32 3.12.12.0 2009.11.22 Win32.Parite.B
ViRobot 2009.11.20.2047 2009.11.20 Backdoor.Win32.Small.51712.C
VirusBuster 5.0.21.0 2009.11.21 Win32.Parite.B
Additional information
File size: 248278 bytes
MD5...: eaaa2cb45950e0be8f3eb65f5aee2542
SHA1..: e79ad4b0d4ed0d019a3803988d37ef827ea36560
SHA256: 51a2efc3db9dbbf1844640424295b93f3201195fa6e56356ed287f950b1216e3
ssdeep: 6144:8pR+oMMHcE+M/5XqNXD3ZURUeMlm9U0slslNFJZ:aEA/5XWD3ZURzMlmu0x
fFJZ
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x21000
timedatestamp.....: 0x268869da (Wed Jun 27 08:10:02 1990)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5a8c 0x5c00 1.18 09b813677e942756884f78124fb10ee8
.rdata 0x7000 0x13bf 0x1400 7.10 0f7fb38fae2bcd489de3ac73e016479f
.data 0x9000 0xc000 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x15000 0x6ec 0x800 3.38 41e7cd04b9fba69650e2f16e3b6feae2
.tls 0x16000 0x250 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.edata 0x17000 0x9800 0x9400 7.90 5986e6840bda3bab392b529bfbdcd4e9
.lif 0x21000 0x1000 0x600 6.97 f3d4f3ac211e754ac295c42362c13f95

( 3 imports )
> MSVCRT.dll: _atoi64, _chdir, _assert, _access
> OLEAUT32.dll: SafeArraySetRecordInfo, CreateStdDispatch, VarNumFromParseNum, SafeArraySetIID
> KERNEL32.dll: LoadLibraryA, GetProcAddress, VirtualAlloc, GetModuleHandleA, ExitProcess, LockResource

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
sigcheck:
publisher....: InstallShield Software Corporation
copyright....: Copyright© 1990-1998 InstallShield Software Corporation, Phone: (847) 240-9111
product......: InstallShield_
description..: 32-bit Setup Launcher
original name: n/a
internal name: n/a
file version.: 5, 50, 137, 0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

C:\WINDOWS\System32\nwiz.exe

Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.11.21 Virus.Win32.Parite!IK
AhnLab-V3 5.0.0.2 2009.11.20 Win32/Parite
AntiVir 7.9.1.72 2009.11.20 W32/Parite
Antiy-AVL 2.0.3.7 2009.11.20 Virus/Win32.Parite.b.gen
Authentium 5.2.0.5 2009.11.21 W32/Parite.B
Avast 4.8.1351.0 2009.11.21 Win32:Parite
AVG 8.5.0.425 2009.11.21 Win32/Parite
BitDefender 7.2 2009.11.22 Win32.Parite.B
CAT-QuickHeal 10.00 2009.11.21 W32.Perite.B
ClamAV 0.94.1 2009.11.22 W32.Parite.B
Comodo 2993 2009.11.22 Virus.Win32.Parite.~B
DrWeb 5.0.0.12182 2009.11.22 Win32.Parite.2
eSafe 7.0.17.0 2009.11.19 Win32_Parite_B
eTrust-Vet 35.1.7133 2009.11.20 Win32/Pinfi.A
F-Prot 4.5.1.85 2009.11.21 W32/Parite.B
F-Secure 9.0.15370.0 2009.11.20 Win32.Parite.B
Fortinet 3.120.0.0 2009.11.21 W32/Parite.B
GData 19 2009.11.22 Win32.Parite.B
Ikarus T3.1.1.74.0 2009.11.21 Virus.Win32.Parite
Jiangmin 11.0.800 2009.11.21 Win32/Parite.b
K7AntiVirus 7.10.901 2009.11.20 Virus.Win32.Parite.a
Kaspersky 7.0.0.125 2009.11.22 Virus.Win32.Parite.b
McAfee 5809 2009.11.21 W32/Pate.b
McAfee+Artemis 5809 2009.11.21 W32/Pate.b
McAfee-GW-Edition 6.8.5 2009.11.21 Win32.Parite
Microsoft 1.5302 2009.11.21 Virus:Win32/Parite.B
NOD32 4627 2009.11.21 Win32/Parite.B
Norman 6.03.02 2009.11.21 W32/Pinfi.A
nProtect 2009.1.8.0 2009.11.22 -
Panda 10.0.2.2 2009.11.21 W32/Parite.B
PCTools 7.0.3.5 2009.11.21 Win32.Parite.B
Prevx 3.0 2009.11.22 -
Rising 22.22.06.01 2009.11.22 Win32.Parite.b
Sophos 4.47.0 2009.11.22 W32/Parite-B
Sunbelt 3.2.1858.2 2009.11.21 Win32.Parite.b (v)
Symantec 1.4.4.12 2009.11.22 W32.Pinfi
TheHacker 6.5.0.2.075 2009.11.20 W32/Pate.B
TrendMicro 9.0.0.1003 2009.11.22 PE_PARITE.A
VBA32 3.12.12.0 2009.11.22 Win32.Parite.B
ViRobot 2009.11.20.2047 2009.11.20 Win32.Parite.A
VirusBuster 5.0.21.0 2009.11.21 Win32.Parite.B
Additional information
File size: 1836506 bytes
MD5...: 49308e24a5e374f76686988e96da9c52
SHA1..: f5a4fc417c49813e698af37376ae11c6995c554d
SHA256: 48c10cbcb528c72756b24b5da93ebd0302d839305f636e9b18e92eb2131f8fa0
ssdeep: 12288:qwIkN+YtK766xzwWSOuqJ7YGeqYXNKJoqS3wATH4AIWQ/BHq3qTb96JBYM
hArJ5q:pN3G62wWSx7wYDkYqIBKn8T
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x19d000
timedatestamp.....: 0x498a3058 (Thu Feb 05 00:18:32 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3b3ba 0x3c000 6.51 3c4b0542f77f5780cb8d74234c4d273f
.rdata 0x3d000 0x6a98 0x7000 4.73 77c743ecfad8bfbec79f35e0a096d0df
.data 0x44000 0xcdc4 0x3000 2.74 1eb788fca6cd84e66dae89f35783bc4a
.rsrc 0x51000 0x14b630 0x14c000 5.66 c4342fa70ef34eb2f795636525e46297
.mjg 0x19d000 0x1000 0x1000 6.93 0b39056edd0c4a45957af8f19ec31bc9

( 7 imports )
> KERNEL32.dll: LoadLibraryA, GetProcAddress, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, SetStdHandle, LoadLibraryA, IsBadCodePtr, IsBadReadPtr, GetOEMCP, GetACP, IsValidCodePage, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetCPInfo, GetDateFormatA, GetTimeFormatA, GetStringTypeW, GetStringTypeA, InitializeCriticalSection, GetFileType, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, HeapSize, UnhandledExceptionFilter, GetModuleFileNameA, GetStdHandle, WriteFile, TerminateProcess, ExitProcess, SetUnhandledExceptionFilter, LCMapStringW, LCMapStringA, GetSystemInfo, VirtualProtect, VirtualQuery, InterlockedExchange, TlsGetValue, TlsSetValue, TlsFree, GetCurrentThreadId, SetLastError, TlsAlloc, IsBadWritePtr, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, EnterCriticalSection, FatalAppExitA, FlushFileBuffers, GetLocaleInfoW, ReadFile, CompareStringA, CompareStringW, GetCommandLineW, WaitForSingleObject, ReleaseMutex, GetVersionExW, DeleteFileW, FindNextFileW, RemoveDirectoryW, FindFirstFileW, FindClose, SetFileAttributesW, MoveFileExW, GetWindowsDirectoryW, GetFileSize, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, SetFilePointer, SetEndOfFile, CreateFileW, CreateProcessW, GetExitCodeProcess, CloseHandle, GetCurrentThread, LocalAlloc, LocalFree, GetCurrentProcess, lstrcmpiW, WideCharToMultiByte, GetUserDefaultLCID, lstrcpynW, lstrcatW, Sleep, lstrlenW, CreateMutexW, GetLastError, lstrcmpW, OutputDebugStringW, MultiByteToWideChar, GetModuleHandleW, GetProcAddress, FreeLibrary, GetUserDefaultLangID, lstrcpyW, LoadLibraryW, GetSystemDirectoryW, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, FreeEnvironmentStringsA, LeaveCriticalSection, DeleteCriticalSection, HeapAlloc, HeapFree, RtlUnwind, RaiseException, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersionExA, SetEnvironmentVariableA
> VERSION.dll: GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
> USER32.dll: FindWindowExW, IsWindowVisible, PostQuitMessage, PtInRect, MessageBoxW, SystemParametersInfoW, ReleaseDC, SendDlgItemMessageW, wvsprintfW, wsprintfA, ExitWindowsEx, GetClassNameW, MapWindowPoints, MapDialogRect, InvalidateRect, CallWindowProcW, LoadImageW, IsWindowEnabled, SetFocus, DestroyWindow, KillTimer, SetWindowTextW, CheckDlgButton, IsDlgButtonChecked, CheckRadioButton, GetClientRect, GetWindowRect, ScreenToClient, GetWindowLongW, EnableWindow, LoadStringW, SetWindowLongW, DialogBoxParamW, SetDlgItemTextW, EndDialog, SetTimer, GetDlgItem, IsWindow, GetDC, LoadCursorW, RegisterClassExW, CreateWindowExW, ShowWindow, UpdateWindow, DefWindowProcW, BeginPaint, EndPaint, GetParent, FindWindowW, SendMessageW, PostMessageW, EnumDisplaySettingsW, GetSystemMetrics, ChangeDisplaySettingsW, wsprintfW, MoveWindow
> GDI32.dll: CreateFontW, GetDeviceCaps, GetObjectW, CreateBrushIndirect, PatBlt, GetPixel, CreateCompatibleDC, CreateBitmap, CreateCompatibleBitmap, SetStretchBltMode, StretchBlt, BitBlt, SetBkColor, CreateFontIndirectW, SetBkMode, SelectObject, SetTextColor, GetTextExtentPoint32W, TextOutW, DeleteObject, CreateDCW, DeleteDC, GetStockObject
> COMCTL32.dll: PropertySheetW, CreatePropertySheetPageW
> ADVAPI32.dll: RegDeleteValueW, RegFlushKey, RegEnumKeyExW, RegLoadKeyW, RegUnLoadKeyW, RegDeleteKeyW, ImpersonateSelf, OpenThreadToken, AllocateAndInitializeSid, InitializeSecurityDescriptor, GetLengthSid, InitializeAcl, AddAccessAllowedAce, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, IsValidSecurityDescriptor, AccessCheck, RevertToSelf, FreeSid, RegCreateKeyExW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, RegCloseKey
> SHELL32.dll: ShellExecuteW

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: NVIDIA Corporation
copyright....: © NVIDIA Corporation. All rights reserved.
product......: NVIDIA nView Wizard, Version 120.87
description..: NVIDIA nView Wizard, Version 120.87
original name: nWiz.exe
internal name: nWiz
file version.: 6.14.10.12087
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

#9 budigans

Posted 21 November 2009 - 11:28 PM

C:\WINDOWS\System32\svchost.exe

Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.11.21 -
AhnLab-V3 5.0.0.2 2009.11.20 -
AntiVir 7.9.1.72 2009.11.20 -
Antiy-AVL 2.0.3.7 2009.11.20 -
Authentium 5.2.0.5 2009.11.21 -
Avast 4.8.1351.0 2009.11.21 -
AVG 8.5.0.425 2009.11.21 -
BitDefender 7.2 2009.11.22 -
CAT-QuickHeal 10.00 2009.11.21 -
ClamAV 0.94.1 2009.11.22 -
Comodo 2993 2009.11.22 -
DrWeb 5.0.0.12182 2009.11.22 -
eSafe 7.0.17.0 2009.11.19 -
eTrust-Vet 35.1.7133 2009.11.20 -
F-Prot 4.5.1.85 2009.11.21 -
F-Secure 9.0.15370.0 2009.11.20 -
Fortinet 3.120.0.0 2009.11.21 -
GData 19 2009.11.22 -
Ikarus T3.1.1.74.0 2009.11.21 -
Jiangmin 11.0.800 2009.11.21 -
K7AntiVirus 7.10.901 2009.11.20 -
Kaspersky 7.0.0.125 2009.11.22 -
McAfee 5809 2009.11.21 -
McAfee+Artemis 5809 2009.11.21 -
McAfee-GW-Edition 6.8.5 2009.11.21 Heuristic.LooksLike.Win32.Luder.L
Microsoft 1.5302 2009.11.21 -
NOD32 4627 2009.11.21 -
Norman 6.03.02 2009.11.21 -
nProtect 2009.1.8.0 2009.11.22 -
Panda 10.0.2.2 2009.11.21 -
PCTools 7.0.3.5 2009.11.21 -
Prevx 3.0 2009.11.22 -
Rising 22.22.06.01 2009.11.22 -
Sophos 4.47.0 2009.11.22 -
Sunbelt 3.2.1858.2 2009.11.21 -
Symantec 1.4.4.12 2009.11.22 -
TheHacker 6.5.0.2.075 2009.11.20 -
TrendMicro 9.0.0.1003 2009.11.22 -
VBA32 3.12.12.0 2009.11.22 -
ViRobot 2009.11.20.2047 2009.11.20 -
VirusBuster 5.0.21.0 2009.11.21 -
Additional information
File size: 12800 bytes
MD5...: 0f7d9c87b0ce1fa520473119752c6f79
SHA1..: 1e1de0781b4d84120ad0f48599f89da95f26ad7a
SHA256: 93a00f076831ad62df8ada1557be04e707bc85d5222c544ca9d4fd60fddfee4c
ssdeep: 384:TRb8NSY0qnCKUlaQ2Cwx/DSNC1xz0Tm/+1Mai284YHrFWCZbW:TN8sYvUsQ2
CwN/LV
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1ce2
timedatestamp.....: 0x3b7de4c5 (Sat Aug 18 03:45:09 2001)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2450 0x2600 6.10 e2cc9a4cb3a088b06203a1ee84763a21
.data 0x4000 0x1f4 0x200 1.50 1a396ac5334432d459f3697937a48e6e
.rsrc 0x5000 0x408 0x600 2.47 df415f1328865e4cbd290ad3189697e1

( 4 imports )
> ADVAPI32.dll: RegQueryValueExW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW
> KERNEL32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, GetCurrentProcess, GetCurrentThread, HeapAlloc, LoadLibraryExW, LeaveCriticalSection, lstrcmpW, EnterCriticalSection, LCMapStringW, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, FreeLibrary, InterlockedCompareExchange, LoadLibraryA, LocalFree, GetProcAddress, DelayLoadFailureHook, LocalAlloc
> ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, RtlCopySid, RtlSubAuthorityCountSid, NtClose, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlUnhandledExceptionFilter, wcslen, RtlImageNtHeader
> RPCRT4.dll: RpcMgmtSetServerStackSize, RpcMgmtWaitServerListen, RpcMgmtStopServerListening, RpcServerUnregisterIf, RpcServerUnregisterIfEx, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Generic Host Process for Win32 Services
original name: svchost.exe
internal name: svchost.exe
file version.: 5.1.2600.0 (xpclient.010817-1148)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

#10 schrauber

Posted 22 November 2009 - 09:38 AM

Hi,


Bad news :(


Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)


Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.
regards,
schrauber
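
In the scan reports posted above, the three flagged files each have an entry point equal to the RVA of a small, high-entropy last section (.khe, .lif, .mjg), while the clean svchost.exe starts inside .text. As an added example (not part of any post in this thread and not any vendor's detection logic), the Python check below reads the PE headers and reports that pattern; the sample files, the tag names and the 6.5 entropy threshold are constructed assumptions.

```python
import math
import struct

def entropy(buf):
    """Shannon entropy in bits per byte (0.0 for an empty buffer)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def parse_sections(data):
    """Return (entry_rva, sections) read from the PE headers in data."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("no MZ header")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("no PE signature")
        # COFF header: Machine, NumberOfSections, ..., SizeOfOptionalHeader, Characteristics
        _m, nsec, _ts, _sym, _nsym, opt_size, _ch = struct.unpack_from(
            "<HHIIIHH", data, pe_off + 4)
        opt_off = pe_off + 24
        # AddressOfEntryPoint sits 16 bytes into the optional header (PE32 and PE32+)
        (entry_rva,) = struct.unpack_from("<I", data, opt_off + 16)
        sections = []
        for i in range(nsec):
            f = struct.unpack_from("<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
            sections.append({
                "name": f[0].rstrip(b"\0").decode("ascii", "replace"),
                "vsize": f[1], "vaddr": f[2], "rsize": f[3], "rptr": f[4],
            })
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    return entry_rva, sections

def triage(data, entropy_threshold=6.5):
    """Return heuristic tags for the appended-section pattern; [] if none match.

    These are triage signals, not a verdict: packers and compressed resources
    can trip either check on legitimate files.
    """
    entry_rva, sections = parse_sections(data)
    if not sections:
        return []
    tags = []
    last = max(sections, key=lambda s: s["vaddr"])
    span = max(last["vsize"], last["rsize"])
    if last["vaddr"] <= entry_rva < last["vaddr"] + span:
        tags.append("entry_point_in_last_section")
    raw = data[last["rptr"]:last["rptr"] + last["rsize"]]
    if entropy(raw) >= entropy_threshold:
        tags.append("last_section_high_entropy")
    return tags

def build_sample(sections, entry_rva):
    """Constructed test input: minimal PE32 headers followed by raw section data.

    sections is a list of (name, vaddr, flags, raw_bytes) tuples.
    """
    pe_off, opt_size = 0x40, 0xE0
    hdr = bytearray(0x400)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, pe_off)
    hdr[pe_off:pe_off + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, pe_off + 4,
                     0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    struct.pack_into("<H", hdr, pe_off + 24, 0x10B)           # PE32 magic
    struct.pack_into("<I", hdr, pe_off + 24 + 16, entry_rva)  # AddressOfEntryPoint
    body = b""
    for i, (name, vaddr, flags, raw) in enumerate(sections):
        struct.pack_into("<8sIIIIIIHHI", hdr, pe_off + 24 + opt_size + 40 * i,
                         name, len(raw), vaddr, len(raw), len(hdr) + len(body),
                         0, 0, 0, 0, flags)
        body += raw
    return bytes(hdr) + body

# Constructed samples. Section names and RVAs echo the posted reader_s.exe report;
# the section flags and contents are made up (the reports do not show them).
CODE = 0x60000020  # code | execute | read
DATA = 0x40000040  # initialized data | read
RWX = 0xE0000020   # code | execute | read | write
PACKED = bytes((i * 197 + 13) % 256 for i in range(0x600))  # uniform byte histogram
BASE = [(b".text", 0x1000, CODE, b"\x90" * 0x200),
        (b".rsrc", 0x15000, DATA, b"\0" * 0x200)]
CLEAN = build_sample(BASE, 0x1100)
INFECTED = build_sample(BASE + [(b".khe", 0x21000, RWX, PACKED)], 0x21000)

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("infected", INFECTED)):
        print(label, triage(blob))
```

A hit only says the file deserves a closer look or a multi-engine scan; it does not identify a malware family.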


#11 schrauber

Posted 28 November 2009 - 11:25 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber
