Morphling

Many websites don't work and keep getting infected with Rogue.Antispywares

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-24 14:32:52

Windows 5.1.2600

---- Kernel code sections - GMER 1.0.14 ----

 

.text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [ 06 ]

? C:\WINDOWS\system32\drivers\ati1qvxx.sys Access is denied.

---- User code sections - GMER 1.0.14 ----

 

? C:\WINDOWS\System32\svchost.exe[192] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll

? C:\WINDOWS\system32\svchost.exe[404] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;

? C:\WINDOWS\system32\svchost.exe[428] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;

? C:\WINDOWS\system32\svchost.exe[440] image checksum mismatch; time/date stamp mismatch; unknown module: msvcrt.dll

? C:\WINDOWS\system32\svchost.exe[448] image checksum mismatch; time/date stamp mismatch; unknown module: msvcrt.dllunknown module: gdiplus.dllunknown module: OLEAUT32.dll

? C:\WINDOWS\System32\svchost.exe[1136] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll

? C:\WINDOWS\system32\svchost.exe[1328] image checksum mismatch; time/date stamp mismatch; unknown module: msvcrt.dll

? C:\WINDOWS\system32\svchost.exe[1372] image checksum mismatch; time/date stamp mismatch; unknown module: msvcrt.dllunknown module: gdiplus.dllunknown module: OLEAUT32.dll

? C:\WINDOWS\system32\svchost.exe[1500] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;

? C:\WINDOWS\System32\svchost.exe[2032] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll

---- User IAT/EAT - GMER 1.0.14 ----

 

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD1A6B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DDAE23] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DD842A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD580B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD189A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DD22EA] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77DD590B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77DD5C55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77DD839F] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77DD59F0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [77DD23D7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77DD1B65] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 00000000

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [77E7C866] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [77E79C94] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [77E72D97] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [77E6FCCD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [77E6F65E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [77E6C703] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [77F522F2] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [77E79B39] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [77E78B61] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [77E72E92] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [77E7C9E7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [77EB9A84] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [77E79C90] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [77E616B4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [77E79E34] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [77F6183E] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [77E7F044] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [77E7C3A5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [77E7980A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [77E6169A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [77E77F21] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [77E7513C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [77E7A13F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [77E71B14] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [77E7166F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [77E79424] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [77E805D8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [77E7A5FD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [77F51587] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [77E7339C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [77E7C938] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [77E7C486] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [77E79D5B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [77E7AC37] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [77E74A69] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [77E737DE] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [77E7C2C4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [77E61BE6] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [77E77963] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [77E8074A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [77F5157D] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [77E75CB5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [77E776A0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [77E74672] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [77E78D60] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [77E77EF1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [77E73803] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [77E736A3] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [77E775F1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [77E79A26] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [77E79908] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [77F7E300] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 53E58955

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 0154EC81

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] EC830000

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] E8858D0C

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 50FFFFFE

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 000740E8

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 10C48300

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 0574C085

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 00017CE9

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 08EC8300

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] 40800068

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] E8858D00

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 50FFFFFE

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] EC83FFFF

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] E8858D0C

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 50FFFFFE

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] 00097FE8

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 8903048D

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] 04EC83FF

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] 8D50FFFF

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] FFFEC885

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 858D50FF

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] FFFFFED8

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] 02BDE850

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] C4830000

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 08EC8310

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] FEC8858D

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] FF50FFFF

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] FFFEB4B5

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] 091EE8FF

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] C4830000

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 04EC8308

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] 740035FF

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 00680040

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 8D004020

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] FFFEE885

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 83000000

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] C08510C4

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] EC835075

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] 80026804

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] 858D0040

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] FFFFFEC8

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] D8858D50

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 50FFFFFE

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] 00070BE8

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 10C48300

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 6808EC83

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] [00408002] C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] FEE8858D

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] E850FFFF

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 0000012F

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 8510C483

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] E90574C0

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 000000AD

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] 680CEC83

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] 0000EA60

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 0CC48300

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] EC83EEEB

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] B8858D08

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 50FFFFFE

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] FEB4B5FF

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] 95E8FFFF

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 83000008

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] EC8308C4

IAT C:\WINDOWS\system32\svchost.exe[404] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 0035FF04

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 81E58955

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 0001A8EC

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 08EC8300

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] FE64858D

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 6A50FFFF

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 68006A00

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [00401366] C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 006A006A

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 001A3BE8

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 08C48300

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] 8D08EC83

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FFFE6885

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 026A50FF

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] EC832CEB

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] 0035FF0C

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] FF004030

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] 40300435

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 68004030

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] 40302068

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] C4830000

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] 1AF2E820

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] EC830000

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] EA60680C

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] D5E80000

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] 83000019

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] EEEB0CC4

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] 81E58955

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] 000168EC

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 0CEC8300

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] 80000068

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 0506E800

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] C4830000

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] D4858910

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 8BFFFFFE

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] FFFED485

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] 75C085FF

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 49E80000

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] 8900000A

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] FFFED085

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] 1442E8FF

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] 85890000

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] FFFFFECC

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FED885C6

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 8376FFFF

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] 75FF0CEC

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 1A7AE814

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] C4830000

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] D985890C

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] C6FFFFFE

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] FFFEDD85

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] EC8368FF

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] D0B5FF0C

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] E8FFFFFE

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 00001A5C

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] 890CC483

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] FFFEDE85

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 66FFFFFE

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 6A0CEC83

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 1A42E801

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] C4830000

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] E385890C

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] C6FFFFFE

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] FFFEE785

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] EC8356FF

IAT C:\WINDOWS\system32\svchost.exe[428] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 1875FF0C

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77E61BE6] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77E79A26] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77F6183E] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77E7C9E7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77E79F93] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77E802FC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77E7751A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77E77CC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77E80656] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77E6167B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] [77E616B4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77E79C90] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [77EB9A84] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [77F5157D] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] [77E80618] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [77E805D8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] [77E7A5FD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 00000000

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] [71ABF628] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] [71AB12A7] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] [71AB1746] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [71AB1746] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] [71AB1B7B] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] [71AB1836] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] [71AB41DA] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [71AB1740] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] [71AB1890] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] [71AB3C22] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [71AB4122] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [71AB3E5D] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [71AB868D] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [71AB1AF4] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] [71AB1ED3] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [71AB5690] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [71AB1444] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] [71AB155A] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [71AB2BBF] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] [71AB1A6D] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [71AB8629] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] [71AB3ECE] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] [71AB5DE2] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] [71AB3F8D] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [71AB401C] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 00000000

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] [77C3D952] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [77C2AC58] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [77C3EC2E] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] [77C5AC80] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [77C1BB7D] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [77C1BBBC] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [77C1BB43] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [77C4A658] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] [77C2197B] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [77C43500] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] [77C3DFB5] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] [77C3D947] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [77C3D8F6] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [77C3BF06] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [77C3E001] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [77C3D95D] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [77C3DC10] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] [77C43AB0] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [77C1D321] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [77C1D0B4] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [77C43790] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD189A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DD22EA] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DD59F0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD590B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD23D7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DD842A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 00000000

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77C72889] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77C73DC1] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77C731DA] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] [77C7565A] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77C816A3] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [77C81601] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [77E78EAA] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] [77E75E67] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [77E73628] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] [77E75D9E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [77E74155] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] [77E775F1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] [77F6183E] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] [77E7C9E7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [77E79F93] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] [77E802FC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] [77E7751A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] [77E77CC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [77E80656] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] [77E6167B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] [77E616B4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [77E79C90] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [77EB9A84] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [77E7C486] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [77E7A099] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] [77E76A60] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [77F5157D] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [77E80618] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] [77E7C2C4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [77E7166F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] [77E6C879] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [77E71B14] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] [77E77EF1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] [77E73679] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] [77EB36A5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [77E61BE6] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [77E73196] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] [77E77CCE] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [77E79924] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [77E79A45] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] [77E705FC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [77E7A5FD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [77E805D8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 00000000

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [771216A4] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] [77123073] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [771214E8] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] [771370A8] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] [77133C47] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7717F4FB] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7712151D] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [77121651] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [77123662] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7712BB03] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] [77137481] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [77132F3C] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7715EB66] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7712C30C] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD189A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DD23D7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DD22EA] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD59F0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DDA595] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DF7311] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 00000000

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [76F364F6] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [76F35351] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [76F21A83] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 00000000

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [77C7D2CC] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [77E73803] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [77E78D60] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [77E61608] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [77E704FC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [77E61A90] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [77EBB1E7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [77E79824] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [77EBA6E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [77E76E3D] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [77E77C4C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [77E776A0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [77E79D5B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [77E73196] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [77F51597] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [77E7C938] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [77E7C486] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [77E74D76] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [77E77797] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [77E75CB5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [77E73C49] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [77E61BE6] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [77E75CEB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [77E62348] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [77E77963] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [77E7AC37] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [77E7C2C4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [77E8074A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [77E76432] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [77E77EF1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [77E7339C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [77E76A2E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [77E7751A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [77E79D8C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [77E78C81] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [77F5157D] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [77E6CD4F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [77E7C726] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [77F516F8] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [77F5722F] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 00000000

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [77428B97] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 00000000

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [772D4365] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [772D884E] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00000000

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [77D4CBFF] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [77D45F40] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [77D4C96A] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 00000000

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [762059A3] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [76206B7F] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7620AFB6] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77E61BE6] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77E79A26] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77F6183E] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77E7C9E7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77E79F93] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77E802FC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77E7751A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77E77CC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77E80656] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77E6167B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] [77E616B4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77E79C90] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [77EB9A84] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [77F5157D] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] [77E80618] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [77E805D8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] [77E7A5FD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 00000000

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] [71ABF628] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] [71AB12A7] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] [71AB1746] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [71AB1746] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] [71AB1B7B] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] [71AB1836] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] [71AB41DA] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [71AB1740] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] [71AB1890] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] [71AB3C22] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [71AB4122] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [71AB3E5D] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [71AB868D] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [71AB1AF4] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] [71AB1ED3] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [71AB5690] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [71AB1444] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] [71AB155A] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [71AB2BBF] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] [71AB1A6D] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [71AB8629] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] [71AB3ECE] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] [71AB5DE2] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] [71AB3F8D] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [71AB401C] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 00000000

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] [77C3D952] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [77C2AC58] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [77C3EC2E] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] [77C5AC80] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [77C1BB7D] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [77C1BBBC] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [77C1BB43] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [77C4A658] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] [77C2197B] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [77C43500] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] [77C3DFB5] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] [77C3D947] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [77C3D8F6] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [77C3BF06] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [77C3E001] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [77C3D95D] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [77C3DC10] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] [77C43AB0] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [77C1D321] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [77C1D0B4] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [77C43790] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD189A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DD22EA] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DD59F0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD590B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD23D7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DD842A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 00000000

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77C72889] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77C73DC1] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77C731DA] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] [77C7565A] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77C816A3] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [77C81601] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [77E78EAA] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] [77E75E67] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [77E73628] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] [77E75D9E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [77E74155] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] [77E775F1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] [77F6183E] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] [77E7C9E7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [77E79F93] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] [77E802FC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] [77E7751A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] [77E77CC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [77E80656] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] [77E6167B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] [77E616B4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [77E79C90] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [77EB9A84] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [77E7C486] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [77E7A099] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] [77E76A60] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [77F5157D] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [77E80618] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] [77E7C2C4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [77E7166F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] [77E6C879] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [77E71B14] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] [77E77EF1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] [77E73679] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] [77EB36A5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [77E61BE6] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [77E73196] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] [77E77CCE] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [77E79924] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [77E79A45] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] [77E705FC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [77E7A5FD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [77E805D8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 00000000

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [771216A4] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] [77123073] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [771214E8] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] [771370A8] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)

IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] [77133C47] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation)


---- Devices - GMER 1.0.14 ----

 

Device \FileSystem\Ntfs \Ntfs 8277E9C0

Device \FileSystem\Fastfat \FatCdrom 8277E9C0

Device \FileSystem\Mup \Dfs 8277E9C0

Device \FileSystem\RAW \Device\RawTape 8277E9C0

Device \FileSystem\MRxDAV \Device\WebDavRedirector 8277E9C0

Device \FileSystem\Mup \Device\Mup 8277E9C0

Device \FileSystem\RAW \Device\RawDisk 8277E9C0

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8277E9C0

Device \FileSystem\MRxSmb \Device\LanmanRedirector 8277E9C0

Device \FileSystem\RAW \Device\RawCdRom 8277E9C0

Device \Driver\ati1qvxx \Device\Prot3 8277DFA0

Device \FileSystem\Mup \Device\WinDfs\Root 8277E9C0

Device \FileSystem\Fastfat \Fat 8277E9C0

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8277E9C0

Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8277E9C0

Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8277E9C0

Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8277E9C0

Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8277E9C0

 

---- Threads - GMER 1.0.14 ----

 

Thread 4:108 8277EBF0

 

---- Files - GMER 1.0.14 ----

 

ADS C:\System Volume Information\_restore{A1DC68F5-7718-4E3B-A888-D53738EFA26D}\RP2\A0001071.exe:ext.exe 25088 bytes executable

ADS C:\WINDOWS\system32\svchost.exe:ext.exe 25600 bytes executable <-- ROOTKIT !!!

 

---- Services - GMER 1.0.14 ----

 

Service C:\WINDOWS\System32\svchost.exe:ext.exe [AUTO] ICF <-- ROOTKIT !!!

 

---- EOF - GMER 1.0.14 ----

 


Yep same infection is there, you must have brought it over

 

Few things for you to do

 

 

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

 

 

Download SDFix and save it to your Desktop.

 

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.

 

 

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

Link 3

 

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
     
     
  • Double click on ComboFix.exe & follow the prompts.
     
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

 


 

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

whatnext.png

 

 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

 

 

 

 

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\WINDOWS\system32\drivers\ati1qvxx.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Sorry for not reading your steps properly. I ran SDFix in administrator instead of my usual account. Am going to scan again in normal account. Here is the Report in Administrator account :

 

Sorry once again.

 

SDFix: Version 1.240

Run by Administrator on Tue 25/11/2008 at 11:42 AM

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

Rootkit Found :

C:\WINDOWS\system32\drivers\ATI1QVXX.sys - Rootkit Pandex/Cutwail - Protect.sys

 

Name :

FCI

ICF

ATI1QVXX

 

Path :

C:\WINDOWS\System32\svchost.exe:ext.exe

C:\WINDOWS\System32\svchost.exe:ext.exe

System32\Drivers\ati1qvxx.sys

 

FCI - Deleted

ICF - Deleted

ATI1QVXX - Deleted

 

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

Service FCI - Deleted after Reboot

Service ICF - Deleted after Reboot

Service ATI1QVXX - Deleted after Reboot

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\system32\NHARYQCJ.dll - Deleted

C:\WINDOWS\system32\NHARYQ~1.dll - Deleted

C:\WINDOWS\wiaservv.log - Deleted

C:\WINDOWS\system32\drivers\ATI1QVXX.sys - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

C:\WINDOWS\system32\svchost.exe

: ADS Found!

svchost.exe: deleted 25600 bytes in 1 streams.

 

Checking for remaining Streams

 

C:\WINDOWS\system32\svchost.exe

No streams found.

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-25 11:51:24

Windows 5.1.2600 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\backup\svchost.exe:ext.exe 25088 bytes executable

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 1

 

 

Remaining Services :

 

ATI1QVXX

 

 

 

Authorized Application Key Export:

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Tue 25 Nov 2008 120,590,081 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\download\BIT15.tmp"

 

Finished!


ComboFix 08-11-23.02 - Mahamed 2008-11-25 12:22:26.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.221 [GMT 11:00]

Running from: c:\documents and settings\Mahamed\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\wiaserviv.log

 

.

((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))

.

 

2008-11-25 11:40 . 2008-11-25 11:40 <DIR> d-------- c:\windows\ERUNT

2008-11-25 11:39 . 2008-11-25 12:08 <DIR> d-------- C:\SDFix

2008-11-25 11:39 . 2008-11-25 11:39 <DIR> d-------- c:\documents and settings\Administrator

2008-11-25 08:43 . 2008-11-25 08:43 <DIR> d---s---- c:\windows\system32\config\systemprofile\UserData

2008-11-24 18:51 . 2008-11-24 21:00 <DIR> d-------- c:\program files\SpywareBlaster

2008-11-24 18:51 . 2008-11-24 19:08 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2008-11-24 16:57 . 2008-11-24 16:57 <DIR> d-------- c:\windows\system32\bits

2008-11-24 16:56 . 2004-07-02 09:08 361,984 --a--c--- c:\windows\system32\dllcache\qmgr.dll

2008-11-24 16:56 . 2004-07-02 09:08 331,776 --a------ c:\windows\system32\winhttp.dll

2008-11-24 16:56 . 2004-07-01 10:59 158,720 --------- c:\windows\system32\xpob2res.dll

2008-11-24 16:56 . 2004-07-02 09:08 17,408 --a------ c:\windows\system32\qmgrprxy.dll

2008-11-24 16:56 . 2004-07-02 09:08 17,408 --a--c--- c:\windows\system32\dllcache\qmgrprxy.dll

2008-11-24 16:56 . 2004-07-02 09:08 7,680 -----c--- c:\windows\system32\dllcache\bitsprx2.dll

2008-11-24 16:56 . 2004-07-02 09:08 7,680 --------- c:\windows\system32\bitsprx2.dll

2008-11-24 16:56 . 2004-07-02 09:08 7,168 -----c--- c:\windows\system32\dllcache\bitsprx3.dll

2008-11-24 16:56 . 2004-07-02 09:08 7,168 --------- c:\windows\system32\bitsprx3.dll

2008-11-24 16:44 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll

2008-11-24 16:44 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll

2008-11-24 16:44 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl

2008-11-24 16:44 . 2008-10-16 14:13 202,776 --a------ c:\windows\system32\wuweb.dll

2008-11-24 16:44 . 2004-08-03 14:03 186,136 --a------ c:\windows\system32\wuaueng1.dll

2008-11-24 16:44 . 2004-08-03 14:01 167,704 --a------ c:\windows\system32\wuauclt1.exe

2008-11-24 16:44 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll

2008-11-24 14:01 . 2008-11-24 14:01 <DIR> d-------- c:\program files\Gmer

2008-11-24 14:01 . 2008-11-24 14:20 250 --a------ c:\windows\gmer.ini

2008-11-23 21:48 . 2008-11-23 21:48 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Microsoft Web Folders

2008-11-23 18:05 . 2008-11-23 18:05 75,039 --a------ c:\documents and settings\Mahamed\S87ekhV.exe

2008-11-23 18:05 . 2008-11-23 18:05 12,800 --a------ c:\documents and settings\Mahamed\drwvas.exe

2008-11-23 16:26 . 2008-11-23 16:26 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Malwarebytes

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-25 00:28 12,800 ----a-w c:\windows\system32\svchost.exe

2008-11-23 10:47 --------- d-----w c:\program files\microsoft frontpage

2008-11-23 05:26 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2008-11-23 05:25 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-23 05:22 --------- d-----w c:\program files\Trend Micro

2008-11-23 04:40 --------- d-----w c:\program files\DIFX

2008-11-23 04:39 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2008-10-22 05:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-10-22 05:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 03:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 03:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 03:09 43,544 ----a-w c:\windows\system32\wups2.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2001-10-04 13312]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2001-08-02 1077277]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-10-04 13312]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-03-22 65588]

 

S4 hpt3xx;hpt3xx; []

 

*Newly Created Service* - ALG

*Newly Created Service* - IPNAT

*Newly Created Service* - PROCEXP90

*Newly Created Service* - SHAREDACCESS

.

- - - - ORPHANS REMOVED - - - -

 

Notify-nharyqcj - nharyqcj32.dll

SafeBoot-Winxe83.sys

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - c:\documents and settings\Mahamed\Application Data\Mozilla\Firefox\Profiles\yf1jfh2e.default\

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-25 12:24:10

Windows 5.1.2600 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(604)

c:\windows\system32\ODBC32.dll

c:\windows\System32\rsaenh.dll

 

- - - - - - - > 'lsass.exe'(660)

c:\windows\System32\rsaenh.dll

c:\windows\System32\dssenh.dll

.

Completion time: 2008-11-25 12:25:19

ComboFix-quarantined-files.txt 2008-11-25 01:25:16

 

Pre-Run: 75,436,298,240 bytes free

Post-Run: 75,428,724,736 bytes free

 

WinXP_EN_PRO_BF.EXE

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

 

113 --- E O F --- 2008-11-24 05:57:48


Hello

 

 

1. Close any open browsers.

 

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 

3. Open notepad and copy/paste the text in the quotebox below into it:

 

File::

c:\documents and settings\Mahamed\S87ekhV.exe

c:\documents and settings\Mahamed\drwvas.exe

 

Folder::

 

Driver::

hpt3xx

 

Registry::

 

Driver::

 

Save this as CFScript.txt, in the same location as ComboFix.exe

 

 

CFScriptB-4.gif

 

Referring to the picture above, drag CFScript into ComboFix.exe

 

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\svchost.exe

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

 

 

Please download Malwarebytes' Anti-Malware from Here or Here

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

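A triage pass over ComboFix rows like those in the log above, as an added example that is not part of any post in this thread or of ComboFix itself: it flags executables sitting directly in a user profile root, and system32 binaries whose byte size equals a flagged file's. The two rules and all function names are assumptions made for illustration; the sample rows are copied from the thread's log.

```python
import re
from typing import NamedTuple

# Rows copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2008-11-24 14:01 . 2008-11-24 14:20 250 --a------ c:\windows\gmer.ini
2008-11-23 18:05 . 2008-11-23 18:05 75,039 --a------ c:\documents and settings\Mahamed\S87ekhV.exe
2008-11-23 18:05 . 2008-11-23 18:05 12,800 --a------ c:\documents and settings\Mahamed\drwvas.exe
2008-11-23 16:26 . 2008-11-23 16:26 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Malwarebytes
2008-11-25 00:28 12,800 ----a-w c:\windows\system32\svchost.exe
2008-10-16 03:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
"""


class Entry(NamedTuple):
    path: str
    size: int  # bytes; -1 for directories


# "Files Created" rows carry two timestamps joined by " . "; Find3M rows carry one.
ROW = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d(?: \. \d{4}-\d\d-\d\d \d\d:\d\d)?\s+"
    r"(?P<size>[\d,]+|<DIR>|-+)\s+(?P<attrs>[a-z-]+)\s+(?P<path>[a-zA-Z]:\\.+)$"
)

# Assumed heuristic 1: an executable directly under a profile root, not in a subfolder.
PROFILE_ROOT_EXE = re.compile(
    r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+\.(?:exe|scr|com|bat|pif)$", re.I
)
# Assumed heuristic 2 applies only to binaries directly under system32.
SYSTEM_BINARY = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.(?:exe|dll)$", re.I)


def parse(log: str) -> list[Entry]:
    """Turn ComboFix file-listing rows into Entry records; skip everything else."""
    entries = []
    for line in log.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        raw = m["size"]
        size = int(raw.replace(",", "")) if raw[0].isdigit() else -1
        entries.append(Entry(m["path"], size))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, str]]:
    """Return (rule, path) pairs for rows worth a closer look."""
    dropped = [e for e in entries if PROFILE_ROOT_EXE.match(e.path)]
    findings = [("exe-in-profile-root", e.path) for e in dropped]
    flagged_sizes = {e.size for e in dropped}
    for e in entries:
        if SYSTEM_BINARY.match(e.path) and e.size in flagged_sizes:
            findings.append(("same-size-as-flagged-file", e.path))
    return findings


if __name__ == "__main__":
    for rule, path in triage(parse(SAMPLE_LOG)):
        print(f"{rule:28} {path}")
```

A size match proves nothing by itself; it only marks a file for the kind of follow-up the helper asks for here, such as a multi-engine scan of c:\windows\system32\svchost.exe.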

ComboFix 08-11-23.02 - Mahamed 2008-11-25 12:36:22.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.218 [GMT 11:00]

Running from: c:\documents and settings\Mahamed\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mahamed\Desktop\CFScript.txt

* Created a new restore point

 

FILE ::

c:\documents and settings\Mahamed\drwvas.exe

c:\documents and settings\Mahamed\S87ekhV.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Mahamed\drwvas.exe

c:\documents and settings\Mahamed\S87ekhV.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_hpt3xx

 

 

((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))

.

 

2008-11-25 11:40 . 2008-11-25 11:40 <DIR> d-------- c:\windows\ERUNT

2008-11-25 11:39 . 2008-11-25 12:08 <DIR> d-------- C:\SDFix

2008-11-25 11:39 . 2008-11-25 11:39 <DIR> d-------- c:\documents and settings\Administrator

2008-11-25 08:43 . 2008-11-25 08:43 <DIR> d---s---- c:\windows\system32\config\systemprofile\UserData

2008-11-24 18:51 . 2008-11-24 21:00 <DIR> d-------- c:\program files\SpywareBlaster

2008-11-24 18:51 . 2008-11-24 19:08 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2008-11-24 16:57 . 2008-11-24 16:57 <DIR> d-------- c:\windows\system32\bits

2008-11-24 16:56 . 2004-07-02 09:08 361,984 --a--c--- c:\windows\system32\dllcache\qmgr.dll

2008-11-24 16:56 . 2004-07-02 09:08 331,776 --a------ c:\windows\system32\winhttp.dll

2008-11-24 16:56 . 2004-07-01 10:59 158,720 --------- c:\windows\system32\xpob2res.dll

2008-11-24 16:56 . 2004-07-02 09:08 17,408 --a------ c:\windows\system32\qmgrprxy.dll

2008-11-24 16:56 . 2004-07-02 09:08 17,408 --a--c--- c:\windows\system32\dllcache\qmgrprxy.dll

2008-11-24 16:56 . 2004-07-02 09:08 7,680 -----c--- c:\windows\system32\dllcache\bitsprx2.dll

2008-11-24 16:56 . 2004-07-02 09:08 7,680 --------- c:\windows\system32\bitsprx2.dll

2008-11-24 16:56 . 2004-07-02 09:08 7,168 -----c--- c:\windows\system32\dllcache\bitsprx3.dll

2008-11-24 16:56 . 2004-07-02 09:08 7,168 --------- c:\windows\system32\bitsprx3.dll

2008-11-24 16:44 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll

2008-11-24 16:44 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll

2008-11-24 16:44 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl

2008-11-24 16:44 . 2008-10-16 14:13 202,776 --a------ c:\windows\system32\wuweb.dll

2008-11-24 16:44 . 2004-08-03 14:03 186,136 --a------ c:\windows\system32\wuaueng1.dll

2008-11-24 16:44 . 2004-08-03 14:01 167,704 --a------ c:\windows\system32\wuauclt1.exe

2008-11-24 16:44 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll

2008-11-24 14:01 . 2008-11-24 14:01 <DIR> d-------- c:\program files\Gmer

2008-11-24 14:01 . 2008-11-24 14:20 250 --a------ c:\windows\gmer.ini

2008-11-23 21:48 . 2008-11-23 21:48 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Microsoft Web Folders

2008-11-23 16:26 . 2008-11-23 16:26 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Malwarebytes

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-25 00:28 12,800 ----a-w c:\windows\system32\svchost.exe

2008-11-23 10:47 --------- d-----w c:\program files\microsoft frontpage

2008-11-23 05:26 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2008-11-23 05:25 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-23 05:22 --------- d-----w c:\program files\Trend Micro

2008-11-23 04:40 --------- d-----w c:\program files\DIFX

2008-11-23 04:39 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2008-10-22 05:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-10-22 05:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 03:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 03:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 03:09 43,544 ----a-w c:\windows\system32\wups2.dll

.

 

((((((((((((((((((((((((((((( [email protected]_12.24.33.68 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 09:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2001-10-04 13312]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2001-08-02 1077277]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-10-04 13312]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-03-22 65588]

 

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-25 12:39:30

Windows 5.1.2600 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(608)

c:\windows\system32\ODBC32.dll

c:\windows\System32\rsaenh.dll

 

- - - - - - - > 'lsass.exe'(668)

c:\windows\System32\rsaenh.dll

c:\windows\System32\dssenh.dll

.

Completion time: 2008-11-25 12:40:59 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-25 01:40:51

ComboFix2.txt 2008-11-25 01:25:21

 

Pre-Run: 75,417,096,192 bytes free

Post-Run: 75,378,163,712 bytes free

 

104 --- E O F --- 2008-11-24 05:57:48


Malwarebytes' Anti-Malware 1.30

Database version: 1421

Windows 5.1.2600

 

25/11/2008 1:09:56 PM

mbam-log-2008-11-25 (13-09-56).txt

 

Scan type: Quick Scan

Objects scanned: 42724

Time elapsed: 3 minute(s), 16 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


There seem to be no signs of infections. Only two problems though:

 

1. svchost.exe (NETWORK SERVICE) takes 90%+ CPU Usage. I am forced to end the process and then my Computer works perfectly fine.

 

2. A couple of hours after opening SpywareGuard, it disappears from my tray but sgbhp.exe and sgmain still run in my Task Manager.

 

Thanks again for all the help.

Edited by Morphling


Can you post the Kaspersky log ?

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\svchost.exe

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

 

 

Also post a new HJT log


Oh. Didn't know I was meant to do a Kaspersky scan. Will do it now.

My net is uncapped on 8th of December so Virscan.org uploading still says "Est speed : 0 KBs" and "Est. Time Left : 16+ hours".

I think the svchost.exe CPU usage is high when Windows update is running.


I can't do an online Kaspersky scan because for Java runtime to work I need Windows XP SP1 but I only have Version 2002. Since my net is capped (Brother downloaded so many movies, =.="), downloading the new Service Pack will take forever (like literally). I'll scan with Kaspersky once I'm uncapped (8th December). There doesn't seem to be any problems though.


Yeah. I think it was hard to get rid of it before because I kept reinfecting my computer with my infected USB.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:01:52 AM, on 28/11/2008

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\BitTorrent\BitTorrent.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

 

--

End of file - 2594 bytes


Yep that must have been causing it

 

 

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Cleanup.png

 

  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

 

 

Below I have included a number of recommendations for how to protect your computer against malware infections.

 

* Keep Windows updated by regularly checking their website at :

http://windowsupdate.microsoft.com/

This will ensure your computer always has the latest security updates available installed on your computer.

 

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

 

SpywareBlaster protects against bad ActiveX

 

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

 

Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

 

*ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

 

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

 

*Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

 

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

 

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

 

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' Here

 

Thank you for your patience, and performing all of the procedures requested.


Done uninstalling all Combofix and done OTCleanIT.

Thanks once again for the help. New Captain (Fabregas) means Premiership is ours.

You can close the thread if you want.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. B)

 

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

 

Everyone else please begin a New Topic.

 

Thank you !
