Morphling
Posted November 24, 2008

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-24 14:32:52
Windows 5.1.2600

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [ 06 ]
? C:\WINDOWS\system32\drivers\ati1qvxx.sys Access is denied.

---- User code sections - GMER 1.0.14 ----

? C:\WINDOWS\System32\svchost.exe[192] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
? C:\WINDOWS\system32\svchost.exe[404] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[428] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[440] image checksum mismatch; time/date stamp mismatch; unknown module: msvcrt.dll
? C:\WINDOWS\system32\svchost.exe[448] image checksum mismatch; time/date stamp mismatch; unknown module: msvcrt.dllunknown module: gdiplus.dllunknown module: OLEAUT32.dll
? C:\WINDOWS\System32\svchost.exe[1136] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll
? C:\WINDOWS\system32\svchost.exe[1328] image checksum mismatch; time/date stamp mismatch; unknown module: msvcrt.dll
? C:\WINDOWS\system32\svchost.exe[1372] image checksum mismatch; time/date stamp mismatch; unknown module: msvcrt.dllunknown module: gdiplus.dllunknown module: OLEAUT32.dll
? C:\WINDOWS\system32\svchost.exe[1500] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[2032] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll

---- User IAT/EAT - GMER 1.0.14 ----
[KERNEL32.dll!LocalAlloc] [71AB155A] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [71AB2BBF] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] [71AB1A6D] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [71AB8629] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] [71AB3ECE] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] [71AB5DE2] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] [71AB3F8D] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [71AB401C] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 00000000 IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] [77C3D952] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [77C2AC58] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 
IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [77C3EC2E] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] [77C5AC80] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [77C1BB7D] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [77C1BBBC] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [77C1BB43] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [77C4A658] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] [77C2197B] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [77C43500] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] [77C3DFB5] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] [77C3D947] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe 
[RPCRT4.dll!RpcMgmtSetServerStackSize] [77C3D8F6] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [77C3BF06] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [77C3E001] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [77C3D95D] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [77C3DC10] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] [77C43AB0] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [77C1D321] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [77C1D0B4] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [77C43790] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD189A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe 
[ADVAPI32.dll!SetSecurityDescriptorGroup] [77DD22EA] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DD59F0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD590B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD23D7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DD842A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 00000000 IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77C72889] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77C73DC1] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77C731DA] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] [77C7565A] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77C816A3] 
C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [77C81601] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [77E78EAA] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] [77E75E67] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [77E73628] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] [77E75D9E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [77E74155] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] [77E775F1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] [77F6183E] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] [77E7C9E7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [77E79F93] 
C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] [77E802FC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] [77E7751A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] [77E77CC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [77E80656] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] [77E6167B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] [77E616B4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [77E79C90] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [77EB9A84] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [77E7C486] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ 
C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [77E7A099] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] [77E76A60] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [77F5157D] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [77E80618] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] [77E7C2C4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [77E7166F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] [77E6C879] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [77E71B14] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] [77E77EF1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] [77E73679] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ 
C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] [77EB36A5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [77E61BE6] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [77E73196] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] [77E77CCE] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [77E79924] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [77E79A45] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] [77E705FC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [77E7A5FD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [77E805D8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 00000000 IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe 
[ntdll.dll!RtlQueryInformationAcl] [771216A4] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] [77123073] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [771214E8] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] [771370A8] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] [77133C47] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7717F4FB] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7712151D] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [77121651] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [77123662] 
C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7712BB03] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] [77137481] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [77132F3C] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7715EB66] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[448] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7712C30C] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD189A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DD23D7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DD22EA] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT 
C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD59F0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DDA595] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DF7311] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 00000000 IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [76F364F6] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [76F35351] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [76F21A83] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 00000000 IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [77C7D2CC] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [77E73803] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [77E78D60] 
C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [77E61608] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [77E704FC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [77E61A90] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [77EBB1E7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [77E79824] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [77EBA6E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [77E76E3D] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [77E77C4C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [77E776A0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ 
C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [77E79D5B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [77E73196] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [77F51597] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [77E7C938] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [77E7C486] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [77E74D76] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [77E77797] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [77E75CB5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [77E73C49] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [77E61BE6] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft 
Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [77E75CEB] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [77E62348] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [77E77963] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [77E7AC37] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [77E7C2C4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [77E8074A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [77E76432] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [77E77EF1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [77E7339C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [77E76A2E] C:\WINDOWS\system32\kernel32.dll (Windows NT 
BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [77E7751A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [77E79D8C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [77E78C81] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [77F5157D] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [77E6CD4F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [77E7C726] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [77F516F8] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [77F5722F] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 00000000 IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [77428B97] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ 
C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 00000000 IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [772D4365] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [772D884E] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00000000 IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [77D4CBFF] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [77D45F40] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [77D4C96A] C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 00000000 IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [762059A3] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [76206B7F] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[1136] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7620AFB6] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) IAT 
C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77E61BE6] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77E79A26] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77F6183E] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77E7C9E7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77E79F93] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77E802FC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77E7751A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77E77CC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77E80656] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 
[77E6167B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] [77E616B4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77E79C90] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [77EB9A84] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [77F5157D] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] [77E80618] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [77E805D8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] [77E7A5FD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 00000000 IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] [71ABF628] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] [71AB12A7] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 
2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] [71AB1746] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [71AB1746] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] [71AB1B7B] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] [71AB1836] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] [71AB41DA] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [71AB1740] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] [71AB1890] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] [71AB3C22] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [71AB4122] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [71AB3E5D] 
C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [71AB868D] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [71AB1AF4] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] [71AB1ED3] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [71AB5690] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [71AB1444] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] [71AB155A] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [71AB2BBF] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] [71AB1A6D] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [71AB8629] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] 
[71AB3ECE] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] [71AB5DE2] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] [71AB3F8D] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [71AB401C] C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 00000000 IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] [77C3D952] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [77C2AC58] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [77C3EC2E] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] [77C5AC80] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [77C1BB7D] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [77C1BBBC] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ 
C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [77C1BB43] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [77C4A658] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] [77C2197B] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [77C43500] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] [77C3DFB5] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] [77C3D947] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [77C3D8F6] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [77C3BF06] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [77C3E001] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [77C3D95D] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe 
[RPCRT4.dll!RpcServerUnregisterIfEx] [77C3DC10] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] [77C43AB0] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [77C1D321] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [77C1D0B4] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1328] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [77C43790] C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD189A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DD22EA] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DD59F0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD590B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD23D7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT 
C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DD842A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 00000000 IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77C72889] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77C73DC1] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77C731DA] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] [77C7565A] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77C816A3] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [77C81601] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [77E78EAA] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] [77E75E67] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [77E73628] 
C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] [77E75D9E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [77E74155] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] [77E775F1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] [77F6183E] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] [77E7C9E7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [77E79F93] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] [77E802FC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] [77E7751A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] [77E77CC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe 
[KERNEL32.dll!InitializeCriticalSection] [77E80656] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] [77E6167B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] [77E616B4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [77E79C90] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] [77EB9A84] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [77E7C486] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [77E7A099] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] [77E76A60] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [77F5157D] C:\WINDOWS\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [77E80618] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT 
C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] [77E7C2C4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [77E7166F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] [77E6C879] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [77E71B14] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] [77E77EF1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] [77E73679] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] [77EB36A5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [77E61BE6] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [77E73196] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] [77E77CCE] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client 
DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [77E79924] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [77E79A45] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] [77E705FC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [77E7A5FD] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [77E805D8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 00000000 IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [771216A4] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] [77123073] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [771214E8] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] 
[771370A8] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] [77133C47] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7717F4FB] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7712151D] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [77121651] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [77123662] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7712BB03] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] [77137481] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [77132F3C] 
C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7715EB66] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1372] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7712C30C] C:\WINDOWS\system32\OLEAUT32.dll (Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1500] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 81E58955 IAT C:\WINDOWS\system32\svchost.exe[1500] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 0001A8EC IAT C:\WINDOWS\system32\svchost.exe[1500] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 08EC8300 IAT C:\WINDOWS\system32\svchost.exe[1500] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] FE64858D IAT C:\WINDOWS\system32\svchost.exe[1500] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 6A50FFFF IAT C:\WINDOWS\system32\svchost.exe[1500] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 68006A00 IAT C:\WINDOWS\system32\svchost.exe[1500] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [00401366] C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[1500] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 006A006A IAT C:\WINDOWS\system32\svchost.exe[1500] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 001A3BE8 IAT C:\WINDOWS\system32\svchost.exe[1500] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 08C48300 IAT C:\WINDOWS\system32\svchost.exe[1500] @ 
---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8277E9C0
Device \FileSystem\Fastfat \FatCdrom 8277E9C0
Device \FileSystem\Mup \Dfs 8277E9C0
Device \FileSystem\RAW \Device\RawTape 8277E9C0
Device \FileSystem\MRxDAV \Device\WebDavRedirector 8277E9C0
Device \FileSystem\Mup \Device\Mup 8277E9C0
Device \FileSystem\RAW \Device\RawDisk 8277E9C0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8277E9C0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8277E9C0
Device \FileSystem\RAW \Device\RawCdRom 8277E9C0
Device \Driver\ati1qvxx \Device\Prot3 8277DFA0
Device \FileSystem\Mup \Device\WinDfs\Root 8277E9C0
Device \FileSystem\Fastfat \Fat 8277E9C0
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8277E9C0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8277E9C0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8277E9C0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8277E9C0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8277E9C0

---- Threads - GMER 1.0.14 ----

Thread 4:108 8277EBF0

---- Files - GMER 1.0.14 ----

ADS C:\System Volume Information\_restore{A1DC68F5-7718-4E3B-A888-D53738EFA26D}\RP2\A0001071.exe:ext.exe 25088 bytes executable
ADS C:\WINDOWS\system32\svchost.exe:ext.exe 25600 bytes executable <-- ROOTKIT !!!

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\System32\svchost.exe:ext.exe [AUTO] ICF <-- ROOTKIT !!!

---- EOF - GMER 1.0.14 ----
Rorschach112 Posted November 24, 2008

Yep same infection is there, you must have brought it over

Few things for you to do

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.

- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
- Finally paste the contents of the Report.txt back on the forum.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Make sure to use Internet Explorer for this

Please go to VirSCAN.org FREE on-line scan service

Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

C:\WINDOWS\system32\drivers\ati1qvxx.sys

- Click on the Upload button
- Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
- Paste the contents of the Clipboard in your next reply.
Morphling Posted November 24, 2008 (edited)

I think I got the infection while removing the virus from the USBs. Going to do SDFix now.

Edited November 24, 2008 by Morphling
Morphling Posted November 25, 2008

Sorry for not reading your steps properly. I ran SDFix in administrator instead of my usual account. Am going to scan again in normal account. Here is the Report in Administrator account :

Sorry once again.

SDFix: Version 1.240
Run by Administrator on Tue 25/11/2008 at 11:42 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Rootkit Found :
C:\WINDOWS\system32\drivers\ATI1QVXX.sys - Rootkit Pandex/Cutwail - Protect.sys

Name :
FCI
ICF
ATI1QVXX

Path :
C:\WINDOWS\System32\svchost.exe:ext.exe
C:\WINDOWS\System32\svchost.exe:ext.exe
System32\Drivers\ati1qvxx.sys

FCI - Deleted
ICF - Deleted
ATI1QVXX - Deleted

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Service FCI - Deleted after Reboot
Service ICF - Deleted after Reboot
Service ATI1QVXX - Deleted after Reboot

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\NHARYQCJ.dll - Deleted
C:\WINDOWS\system32\NHARYQ~1.dll - Deleted
C:\WINDOWS\wiaservv.log - Deleted
C:\WINDOWS\system32\drivers\ATI1QVXX.sys - Deleted

Removing Temp Files

ADS Check :

C:\WINDOWS\system32\svchost.exe : ADS Found!
svchost.exe: deleted 25600 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 11:51:24
Windows 5.1.2600 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\backup\svchost.exe:ext.exe 25088 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

Remaining Services :

ATI1QVXX

Authorized Application Key Export:

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 25 Nov 2008 120,590,081 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\download\BIT15.tmp"

Finished!
Rorschach112 Posted November 25, 2008

Ok run ComboFix

You can leave the VirScan step though
Morphling Posted November 25, 2008

Going to run ComboFix now. The second SDFix scan found nothing at all.
Morphling Posted November 25, 2008

ComboFix 08-11-23.02 - Mahamed 2008-11-25 12:22:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.221 [GMT 11:00]
Running from: c:\documents and settings\Mahamed\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))
.

2008-11-25 11:40 . 2008-11-25 11:40 <DIR> d-------- c:\windows\ERUNT
2008-11-25 11:39 . 2008-11-25 12:08 <DIR> d-------- C:\SDFix
2008-11-25 11:39 . 2008-11-25 11:39 <DIR> d-------- c:\documents and settings\Administrator
2008-11-25 08:43 . 2008-11-25 08:43 <DIR> d---s---- c:\windows\system32\config\systemprofile\UserData
2008-11-24 18:51 . 2008-11-24 21:00 <DIR> d-------- c:\program files\SpywareBlaster
2008-11-24 18:51 . 2008-11-24 19:08 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-24 16:57 . 2008-11-24 16:57 <DIR> d-------- c:\windows\system32\bits
2008-11-24 16:56 . 2004-07-02 09:08 361,984 --a--c--- c:\windows\system32\dllcache\qmgr.dll
2008-11-24 16:56 . 2004-07-02 09:08 331,776 --a------ c:\windows\system32\winhttp.dll
2008-11-24 16:56 . 2004-07-01 10:59 158,720 --------- c:\windows\system32\xpob2res.dll
2008-11-24 16:56 . 2004-07-02 09:08 17,408 --a------ c:\windows\system32\qmgrprxy.dll
2008-11-24 16:56 . 2004-07-02 09:08 17,408 --a--c--- c:\windows\system32\dllcache\qmgrprxy.dll
2008-11-24 16:56 . 2004-07-02 09:08 7,680 -----c--- c:\windows\system32\dllcache\bitsprx2.dll
2008-11-24 16:56 . 2004-07-02 09:08 7,680 --------- c:\windows\system32\bitsprx2.dll
2008-11-24 16:56 . 2004-07-02 09:08 7,168 -----c--- c:\windows\system32\dllcache\bitsprx3.dll
2008-11-24 16:56 . 2004-07-02 09:08 7,168 --------- c:\windows\system32\bitsprx3.dll
2008-11-24 16:44 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll
2008-11-24 16:44 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll
2008-11-24 16:44 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl
2008-11-24 16:44 . 2008-10-16 14:13 202,776 --a------ c:\windows\system32\wuweb.dll
2008-11-24 16:44 . 2004-08-03 14:03 186,136 --a------ c:\windows\system32\wuaueng1.dll
2008-11-24 16:44 . 2004-08-03 14:01 167,704 --a------ c:\windows\system32\wuauclt1.exe
2008-11-24 16:44 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll
2008-11-24 14:01 . 2008-11-24 14:01 <DIR> d-------- c:\program files\Gmer
2008-11-24 14:01 . 2008-11-24 14:20 250 --a------ c:\windows\gmer.ini
2008-11-23 21:48 . 2008-11-23 21:48 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Microsoft Web Folders
2008-11-23 18:05 . 2008-11-23 18:05 75,039 --a------ c:\documents and settings\Mahamed\S87ekhV.exe
2008-11-23 18:05 . 2008-11-23 18:05 12,800 --a------ c:\documents and settings\Mahamed\drwvas.exe
2008-11-23 16:26 . 2008-11-23 16:26 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 00:28 12,800 ----a-w c:\windows\system32\svchost.exe
2008-11-23 10:47 --------- d-----w c:\program files\microsoft frontpage
2008-11-23 05:26 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-23 05:25 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-23 05:22 --------- d-----w c:\program files\Trend Micro
2008-11-23 04:40 --------- d-----w c:\program files\DIFX
2008-11-23 04:39 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-22 05:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 05:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 03:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 03:09 43,544 ----a-w c:\windows\system32\wups2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2001-10-04 13312]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2001-08-02 1077277]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-10-04 13312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-03-22 65588]

S4 hpt3xx;hpt3xx; []

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SHAREDACCESS
.
- - - - ORPHANS REMOVED - - - -

Notify-nharyqcj - nharyqcj32.dll
SafeBoot-Winxe83.sys

.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Mahamed\Application Data\Mozilla\Firefox\Profiles\yf1jfh2e.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 12:24:10
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\ODBC32.dll
c:\windows\System32\rsaenh.dll

- - - - - - - > 'lsass.exe'(660)
c:\windows\System32\rsaenh.dll
c:\windows\System32\dssenh.dll
.
Completion time: 2008-11-25 12:25:19
ComboFix-quarantined-files.txt 2008-11-25 01:25:16

Pre-Run: 75,436,298,240 bytes free
Post-Run: 75,428,724,736 bytes free

WinXP_EN_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

113 --- E O F --- 2008-11-24 05:57:48
Rorschach112 Posted November 25, 2008

Hello

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\Mahamed\S87ekhV.exe
c:\documents and settings\Mahamed\drwvas.exe

Folder::

Driver::
hpt3xx

Registry::

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Make sure to use Internet Explorer for this

Please go to VirSCAN.org FREE on-line scan service

Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

c:\windows\system32\svchost.exe

- Click on the Upload button
- Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
- Paste the contents of the Clipboard in your next reply.

Please download Malwarebytes' Anti-Malware from Here or Here

- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
Morphling Posted November 25, 2008

My net is still capped so the uploading is going at 0 Kbps and est. time left is 12 hours and going up. Should I just go onto the MBAM scan?
Morphling, posted November 25, 2008
ComboFix 08-11-23.02 - Mahamed 2008-11-25 12:36:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.218 [GMT 11:00]
Running from: c:\documents and settings\Mahamed\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mahamed\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\Mahamed\drwvas.exe
c:\documents and settings\Mahamed\S87ekhV.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mahamed\drwvas.exe
c:\documents and settings\Mahamed\S87ekhV.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hpt3xx

((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))
.

2008-11-25 11:40 . 2008-11-25 11:40 <DIR> d-------- c:\windows\ERUNT
2008-11-25 11:39 . 2008-11-25 12:08 <DIR> d-------- C:\SDFix
2008-11-25 11:39 . 2008-11-25 11:39 <DIR> d-------- c:\documents and settings\Administrator
2008-11-25 08:43 . 2008-11-25 08:43 <DIR> d---s---- c:\windows\system32\config\systemprofile\UserData
2008-11-24 18:51 . 2008-11-24 21:00 <DIR> d-------- c:\program files\SpywareBlaster
2008-11-24 18:51 . 2008-11-24 19:08 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-24 16:57 . 2008-11-24 16:57 <DIR> d-------- c:\windows\system32\bits
2008-11-24 16:56 . 2004-07-02 09:08 361,984 --a--c--- c:\windows\system32\dllcache\qmgr.dll
2008-11-24 16:56 . 2004-07-02 09:08 331,776 --a------ c:\windows\system32\winhttp.dll
2008-11-24 16:56 . 2004-07-01 10:59 158,720 --------- c:\windows\system32\xpob2res.dll
2008-11-24 16:56 . 2004-07-02 09:08 17,408 --a------ c:\windows\system32\qmgrprxy.dll
2008-11-24 16:56 . 2004-07-02 09:08 17,408 --a--c--- c:\windows\system32\dllcache\qmgrprxy.dll
2008-11-24 16:56 . 2004-07-02 09:08 7,680 -----c--- c:\windows\system32\dllcache\bitsprx2.dll
2008-11-24 16:56 . 2004-07-02 09:08 7,680 --------- c:\windows\system32\bitsprx2.dll
2008-11-24 16:56 . 2004-07-02 09:08 7,168 -----c--- c:\windows\system32\dllcache\bitsprx3.dll
2008-11-24 16:56 . 2004-07-02 09:08 7,168 --------- c:\windows\system32\bitsprx3.dll
2008-11-24 16:44 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll
2008-11-24 16:44 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll
2008-11-24 16:44 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl
2008-11-24 16:44 . 2008-10-16 14:13 202,776 --a------ c:\windows\system32\wuweb.dll
2008-11-24 16:44 . 2004-08-03 14:03 186,136 --a------ c:\windows\system32\wuaueng1.dll
2008-11-24 16:44 . 2004-08-03 14:01 167,704 --a------ c:\windows\system32\wuauclt1.exe
2008-11-24 16:44 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll
2008-11-24 14:01 . 2008-11-24 14:01 <DIR> d-------- c:\program files\Gmer
2008-11-24 14:01 . 2008-11-24 14:20 250 --a------ c:\windows\gmer.ini
2008-11-23 21:48 . 2008-11-23 21:48 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Microsoft Web Folders
2008-11-23 16:26 . 2008-11-23 16:26 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 00:28 12,800 ----a-w c:\windows\system32\svchost.exe
2008-11-23 10:47 --------- d-----w c:\program files\microsoft frontpage
2008-11-23 05:26 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-23 05:25 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-23 05:22 --------- d-----w c:\program files\Trend Micro
2008-11-23 04:40 --------- d-----w c:\program files\DIFX
2008-11-23 04:39 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-22 05:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 05:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 03:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 03:09 43,544 ----a-w c:\windows\system32\wups2.dll
.

((((((((((((((((((((((((((((( [email protected]_12.24.33.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 09:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2001-10-04 13312]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2001-08-02 1077277]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-10-04 13312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-03-22 65588]

.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 12:39:30
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\ODBC32.dll
c:\windows\System32\rsaenh.dll

- - - - - - - > 'lsass.exe'(668)
c:\windows\System32\rsaenh.dll
c:\windows\System32\dssenh.dll
.
Completion time: 2008-11-25 12:40:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-25 01:40:51
ComboFix2.txt 2008-11-25 01:25:21

Pre-Run: 75,417,096,192 bytes free
Post-Run: 75,378,163,712 bytes free

104 --- E O F --- 2008-11-24 05:57:48
Morphling, posted November 25, 2008
Malwarebytes' Anti-Malware 1.30
Database version: 1421
Windows 5.1.2600

25/11/2008 1:09:56 PM
mbam-log-2008-11-25 (13-09-56).txt

Scan type: Quick Scan
Objects scanned: 42724
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Morphling, posted November 26, 2008 (edited)
There seem to be no signs of infections. Only two problems though:
1. svchost.exe (NETWORK SERVICE) takes 90%+ CPU Usage. I am forced to end the process and then my Computer works perfectly fine.
2. A couple of hours after opening SpywareGuard, it disappears from my tray but sgbhp.exe and sgmain still run in my Task Manager.
Thanks again for all the help.
Edited November 26, 2008 by Morphling
Rorschach112, posted November 26, 2008
Can you post the Kaspersky log? Make sure to use Internet Explorer for this.

Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
c:\windows\system32\svchost.exe
* Click on the Upload button
* Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
* Paste the contents of the Clipboard in your next reply.

Also post a new HJT log
Morphling, posted November 27, 2008
Oh. Didn't know I was meant to do a Kaspersky scan. Will do it now. My net is uncapped on 8th of December so Virscan.org uploading still says "Est speed : 0 KBs" and "Est. Time Left : 16+ hours". I think the svchost.exe CPU usage is high when Windows update is running.
Morphling, posted November 27, 2008
I can't do an online Kaspersky scan because for Java runtime to work I need Windows XP SP1 but I only have Version 2002. Since my net is capped (Brother downloaded so many movies, =.="), downloading the new Service Pack will take forever (like literally). I'll scan with Kaspersky once I'm uncapped (8th December). There don't seem to be any problems though.
Rorschach112, posted November 27, 2008
Let's see a new HJT log, I think we got rid of it
Morphling, posted November 28, 2008
Yeah. I think it was hard to get rid of it before because I kept reinfecting my computer with my infected USB.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:52 AM, on 28/11/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 2594 bytes
Rorschach112, posted November 28, 2008
Yep that must have been causing it

Follow these steps to uninstall Combofix and tools used in the removal of malware
* Click START then RUN
* Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Make sure you have an Internet Connection.
* Download OTCleanIt to your desktop and run it
* A list of tool components used in the Cleanup of malware will be downloaded.
* If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
* Click Yes to begin the Cleanup process and remove these components, including this application.
* You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure
* Click Start > Run
* Type Inetcpl.cpl & click OK
* Click on the Security tab
* Click Reset all zones to default level
* Make sure the Internet Zone is selected & Click Custom level
* In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
* Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

* NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

* Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' Here

Thank you for your patience, and performing all of the procedures requested.
Morphling, posted November 29, 2008
Done uninstalling all Combofix and done OTCleanIT. Thanks once again for the help. New Captain (Fabregas) means Premiership is ours. You can close the thread if you want.
Rorschach112, posted November 29, 2008
I won't hold my breath at Arsenal winning the premiership anytime soon
Rorschach112, posted November 29, 2008
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.
Everyone else please begin a New Topic.
Thank you!