data execution prevention problem and nod32 not removing Protector.C + Kryptik.YT

[NatMM]

Hello. I am having a problem with data execution prevention when windows starts up and also nod32 is finding a few things, some of which it blocks internet access for (thankfully..) and some others which it cant clean or delete.

At first I couldn't even run explorer or taskmanager but after rebooting in safe mode and doing a system restore to early this morning and was then able to start taskmanager when booting normally and from then after a few tries get explorer to work. I still receive a data execution prevention for userinit logon application and since nod32 started up im receiving threat warnings for Win32/Kryptik.YT trojan, Win32/Protector.C virus and Win32/VB.IY virus, among others..

Here is my hijack this log. Thanks in advance for any help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:00 PM, on 8/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\Program Files\LS_Duhem\lsdiorw\lsdiorw.exe
I:\WINDOWS\System32\nvsvc32.exe
I:\WINDOWS\system32\IoctlSvc.exe
I:\WINDOWS\system32\PnkBstrA.exe
I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Canon\CAL\CALMAIN.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\wscntfy.exe
I:\WINDOWS\RTHDCPL.EXE
I:\Program Files\Java\jre6\bin\jusched.exe
I:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
I:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,I:\WINDOWS\Downloaded Program Files\SVCHOST.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "I:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [FreeRAM XP] "I:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://I:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - I:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9DCA540-F2ED-4667-A402-A52A97AB1A60}: NameServer = 194.90.1.5 212.143.212.143
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - I:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - I:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - I:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - I:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9abdb5c03ee1e) (gupdate1c9abdb5c03ee1e) - Google Inc. - I:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lsdiorw - Logiciels & Services Duhem, Paris, France - I:\Program Files\LS_Duhem\lsdiorw\lsdiorw.exe
O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - I:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - I:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SimCity4 Startup Manager Service (sc4stupmngrService) - Unknown owner - I:\Program Files\SimCity4 StartupManager\sumservice.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 5727 bytes

[Blade81]

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt
• Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking download exe -button and then saving it your desktop:

• Double-click .exe that you downloaded
• Click rootkit-tab and then scan.
• Don't check
  Show All
  box while scanning in progress!
• When scanning is ready, click Copy.
• This copies log to clipboard
• Post log in your reply.

[NatMM]

Hello, thanks for your reply.

Here is the first log DDS.txt

DDS (Ver_09-07-30.01) - NTFSx86
Run by Nat at 19:38:43.75 on Mon 08/10/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1139 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

I:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
I:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\Program Files\LS_Duhem\lsdiorw\lsdiorw.exe
I:\WINDOWS\System32\nvsvc32.exe
I:\WINDOWS\system32\IoctlSvc.exe
I:\WINDOWS\system32\PnkBstrA.exe
I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
I:\WINDOWS\System32\svchost.exe -k imgsvc
I:\Program Files\Canon\CAL\CALMAIN.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\wscntfy.exe
I:\WINDOWS\RTHDCPL.EXE
I:\Program Files\Java\jre6\bin\jusched.exe
I:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
I:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
svchost.exe I:\WINDOWS\TEMP\VRTB.tmp
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Azureus\Azureus.exe
I:\Documents and Settings\Nat\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
svchost.exe I:\WINDOWS\TEMP\VRT13D5.tmp
I:\WINDOWS\System32\reader_s.exe
I:\Program Files\zMUD\Zmud.exe
I:\Program Files\zMUD\Zmud.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Documents and Settings\Nat\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,i:\windows\downloaded program files\SVCHOST.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - i:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - i:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - i:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - i:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [FreeRAM XP] "i:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [SunJavaUpdateSched] "i:\program files\java\jre6\bin\jusched.exe"
mRun: [egui] "i:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [reader_s] i:\windows\system32\reader_s.exe
dRun: [CTFMON.EXE] i:\windows\system32\CTFMON.EXE
dRun: [reader_s] i:\documents and settings\nat\reader_s.exe
IE: Add to Google Photos Screensa&ver - i:\windows\system32\GPhotos.scr/200
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - i:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - i:\program files\messenger\msmsgs.exe
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {F9DCA540-F2ED-4667-A402-A52A97AB1A60} = 194.90.1.5 212.143.212.143
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - i:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - i:\program files\stardock\fences\FencesMenu.dll

================= FIREFOX ===================

FF - ProfilePath - i:\docume~1\nat\applic~1\mozilla\firefox\profiles\7rn34wdp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: i:\documents and settings\nat\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: i:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: i:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: i:\program files\picasa2\npPicasa3.dll
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 MacOpen;MacOpen;i:\windows\system32\drivers\MacOpen.sys [2008-7-25 177152]
R1 ehdrv;ehdrv;i:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;i:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R2 ekrn;ESET Service;i:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;i:\windows\system32\drivers\l251x86.sys [2008-6-3 30720]
S2 gupdate1c9abdb5c03ee1e;Google Update Service (gupdate1c9abdb5c03ee1e);i:\program files\google\update\GoogleUpdate.exe [2009-3-23 133104]
S3 AVPsys;AVPsys;i:\windows\system32\drivers\cdaudio.sys [2001-8-17 18688]
S3 cpuz132;cpuz132;i:\windows\system32\drivers\cpuz132_x32.sys [2009-7-10 12672]
S3 sc4stupmngrService;SimCity4 Startup Manager Service;i:\program files\simcity4 startupmanager\sumservice.exe [2007-6-3 156160]
S3 Wdm1;USB Bridge Cable Driver;i:\windows\system32\drivers\usbbc.sys [2008-6-14 15576]

=============== Created Last 30 ================

2009-08-09 04:52 52,998 a------- i:\windows\system32\13D9.tmp
2009-08-09 04:52 84 a------- i:\windows\system32\13D6.tmp
2009-08-08 13:11 <DIR> --d----- i:\program files\Trend Micro
2009-08-08 12:58 51,558 a------- i:\windows\system32\1F.tmp
2009-08-08 12:58 84 a------- i:\windows\system32\10.tmp
2009-08-08 12:42 51,558 a------- i:\windows\system32\16.tmp
2009-08-08 12:42 84 a------- i:\windows\system32\12.tmp
2009-08-08 12:19 55,808 a------- i:\documents and settings\nat\reader_s.exe
2009-08-08 12:19 55,808 a------- i:\windows\system32\reader_s.exe
2009-08-08 12:19 52,998 a------- i:\windows\system32\2C.tmp
2009-08-08 12:18 84 a------- i:\windows\system32\28.tmp
2009-08-08 12:14 <DIR> --d----- i:\windows\system32\wbem\Repository
2009-08-07 18:11 <DIR> --d----- i:\docume~1\nat\applic~1\Stardock
2009-08-07 18:10 <DIR> -cd-h--- i:\docume~1\alluse~1\applic~1\{834D2026-B540-4760-AA88-8738A7E11FC0}
2009-08-07 18:10 <DIR> --d----- i:\program files\Stardock
2009-08-07 10:22 19,878 a------- i:\windows\system32\8C67.tmp
2009-08-07 10:22 40 a------- i:\windows\system32\8C53.tmp
2009-08-03 17:55 <DIR> --d----- I:\New Folder
2009-08-03 17:44 <DIR> --d----- i:\program files\ESET
2009-08-02 22:16 <DIR> --d----- i:\documents and settings\nat\workspace
2009-07-28 12:20 <DIR> --d----- i:\program files\common files\Blizzard Entertainment
2009-07-17 17:03 <DIR> --d----- i:\program files\MagicISO
2009-07-16 15:01 <DIR> --d----- i:\program files\Chec

==================== Find3M ====================

2009-08-08 12:42 182,912 a------- i:\windows\system32\drivers\ndis.sys
2009-07-08 22:00 30,912 a---h--- i:\windows\system32\mlfcache.dat
2009-07-03 14:46 107,888 a------- i:\windows\system32\CmdLineExt.dll
2009-06-12 13:44 4,096 a------- i:\windows\d3dx.dat
2008-10-09 17:30 22,328 a------- i:\docume~1\nat\applic~1\PnkBstrK.sys

============= FINISH: 19:39:07.37 ===============


Second log, attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/3/2008 8:18:09 PM
System Uptime: 8/8/2009 12:45:04 PM (55 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5GC-MX/1333
Processor: Intel Pentium III Xeon processor | LGA 775 | 2133/333mhz
Processor: Intel Pentium III Xeon processor | LGA 775 | 2133/333mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 8.349 GiB free.
D: is CDROM (CDFS)
E: is CDROM (UDF)
F: is CDROM ()
G: is CDROM ()
I: is FIXED (NTFS) - 195 GiB total, 2.56 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_81791043&REV_01\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_81791043&REV_01\3&11583659&0&FB
Service:

==== System Restore Points ===================

RP473: 8/8/2009 10:23:07 AM - System Checkpoint
RP474: 8/8/2009 12:14:39 PM - Restore Operation
RP475: 8/8/2009 12:20:50 PM - Removed Kaspersky Anti-Virus 2009.
RP476: 8/9/2009 12:51:20 PM - System Checkpoint
RP477: 8/10/2009 1:10:35 PM - System Checkpoint

==== Installed Programs ======================



7-Zip 4.65
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Reader 7.0
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
AGEIA PhysX v7.09.13
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) L2 Fast Ethernet Driver
AudioShell 1.3.5
AutoUpdate
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Azureus Vuze
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon EOS 5D WIA Driver
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.2
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CDex extraction audio
CDisplay 1.8
Cheat Engine 5.4
CPUID CPU-Z 1.51
DAEMON Tools
DivX Converter
DivX Player
DivX Web Player
DNA
DVD43 v4.4.0
EphPod
ERUNT 1.1j
ESET NOD32 Antivirus
EVEMon
Fallout 3 - The Garden of Eden Creation Kit
Fallout Mod Manager 0.9.9
Fences
Futuremark SystemInfo
Google Chrome
Google Earth
Google Update Helper
Governor of Poker
Grand Theft Auto IV
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Infinifrag
Infiniminer
iriver plus 3 (remove only)
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 4
Java(TM) 6 Update 6
K-Lite Codec Pack 3.9.5 (Full)
MacDisk version 7.5
MacOpener 4.0
Magic ISO Maker v5.5 (build 0276)
Medieval II Total War
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.0.13)
Mp3tag v2.41
MSXML 6.0 Parser (KB925673)
Need for Speed™ Carbon
Nero BackItUp 2 Essentials
Nero OEM
Network Addon Mod Version March 2009
Octoshape add-in for Adobe Flash Player
OpenOffice.org 2.4
PC-Linq
PC Probe II
PDF Settings
Picasa 3
Project64 1.6
Python 2.5.2
QuickTime
Realtek High Definition Audio Driver
Rockstar Games Social Club
Rome - Total War(TM)
Scorched3D 41.3
Security Update for Windows XP (KB958644)
SimCity 4 Deluxe
SimCity4 StartupManager
Space Empires V
Stainless Steel 4.0
Stainless_Steel_6.0_Part1of2
Stainless_Steel_6.0_Part2of2
System Requirements Lab
Universal Extractor 1.6
VideoLAN VLC media player 0.8.6h
Viewpoint Media Player
WebFldrs XP
Winamp
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 2
WinFast(R) Display Driver
WinFox Setup
WinRAR archiver
World of Warcraft Trial
XML Paper Specification Shared Components Pack 1.0
zMUD 7.21.0.0

==== Event Viewer Messages From Past Week ========

8/8/2009 12:10:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order

to run the server: {000C101C-0000-0000-C000-000000000046}
8/8/2009 12:06:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO ehdrv

Fips intelppm kl1 klbg KLIF
8/8/2009 12:05:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order

to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/8/2009 11:47:28 AM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
8/8/2009 11:40:40 AM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 3 time(s).

The following corrective action will be taken in 0 milliseconds: Restart the service.
8/8/2009 11:40:30 AM, error: Service Control Manager [7034] - The Lsdiorw service terminated unexpectedly. It has done this 1 time(s).
8/8/2009 11:40:25 AM, error: Service Control Manager [7034] - The PLFlash DeviceIoControl Service service terminated unexpectedly. It has

done this 1 time(s).
8/8/2009 11:40:22 AM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has

done this 1 time(s).
8/8/2009 11:40:21 AM, error: Service Control Manager [7034] - The StarWind iSCSI Service service terminated unexpectedly. It has done this 1

time(s).
8/8/2009 11:40:18 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1

time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/8/2009 11:40:12 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time

(s).
8/8/2009 11:40:08 AM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
8/8/2009 11:40:06 AM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 2 time(s).

The following corrective action will be taken in 0 milliseconds: Restart the service.
8/8/2009 11:39:49 AM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 1 time(s).

The following corrective action will be taken in 0 milliseconds: Restart the service.
8/7/2009 10:22:24 AM, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 1

time(s).
8/3/2009 5:47:09 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================


Third log, from GMER will follow in the next post.

[NatMM]

I have split the log into three posts:

GMER 1.0.15.15020 [jd4x649l.exe] - http://www.gmer.net
Rootkit scan 2009-08-11 09:44:05
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xBA767818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xBA7677D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xBA75BA20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xBA75C2A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xBA767910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xBA767794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xBA75C2C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xBA767866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xBA7670B0]

Code 8A483500 pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1

---- User code sections - GMER 1.0.15 ----

.text I:\Program Files\Java\jre6\bin\jqs.exe[204] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\Program Files\Java\jre6\bin\jqs.exe[204] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\Program Files\Java\jre6\bin\jqs.exe[204] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\Program Files\Java\jre6\bin\jqs.exe[204] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\Program Files\Java\jre6\bin\jqs.exe[204] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\Program Files\Java\jre6\bin\jqs.exe[204] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\WINDOWS\RTHDCPL.EXE[208] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\RTHDCPL.EXE[208] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\RTHDCPL.EXE[208] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\RTHDCPL.EXE[208] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\RTHDCPL.EXE[208] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\RTHDCPL.EXE[208] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\Program Files\LS_Duhem\lsdiorw\lsdiorw.exe[280] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\Program Files\LS_Duhem\lsdiorw\lsdiorw.exe[280] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\Program Files\LS_Duhem\lsdiorw\lsdiorw.exe[280] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\Program Files\LS_Duhem\lsdiorw\lsdiorw.exe[280] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\Program Files\LS_Duhem\lsdiorw\lsdiorw.exe[280] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\Program Files\LS_Duhem\lsdiorw\lsdiorw.exe[280] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\WINDOWS\System32\alg.exe[572] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\System32\alg.exe[572] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\System32\alg.exe[572] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\System32\alg.exe[572] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\System32\alg.exe[572] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\System32\alg.exe[572] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\WINDOWS\System32\nvsvc32.exe[668] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\System32\nvsvc32.exe[668] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\System32\nvsvc32.exe[668] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\System32\nvsvc32.exe[668] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\System32\nvsvc32.exe[668] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\System32\nvsvc32.exe[668] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\WINDOWS\system32\IoctlSvc.exe[704] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\system32\IoctlSvc.exe[704] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\system32\IoctlSvc.exe[704] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\system32\IoctlSvc.exe[704] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\system32\IoctlSvc.exe[704] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\system32\IoctlSvc.exe[704] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\WINDOWS\system32\PnkBstrA.exe[720] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\system32\PnkBstrA.exe[720] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\system32\PnkBstrA.exe[720] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\system32\PnkBstrA.exe[720] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\system32\PnkBstrA.exe[720] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\system32\PnkBstrA.exe[720] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\WINDOWS\system32\winlogon.exe[760] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF948C4
.text I:\WINDOWS\system32\winlogon.exe[760] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF94953
.text I:\WINDOWS\system32\winlogon.exe[760] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF94960
.text I:\WINDOWS\system32\winlogon.exe[760] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FF94BE4
.text I:\WINDOWS\system32\winlogon.exe[760] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF94949
.text I:\WINDOWS\system32\winlogon.exe[760] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF949A1
.text I:\WINDOWS\system32\services.exe[804] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF948C4
.text I:\WINDOWS\system32\services.exe[804] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF94953
.text I:\WINDOWS\system32\services.exe[804] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF94960
.text I:\WINDOWS\system32\services.exe[804] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FF94BE4
.text I:\WINDOWS\system32\services.exe[804] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF94949
.text I:\WINDOWS\system32\services.exe[804] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF949A1
.text I:\WINDOWS\system32\lsass.exe[820] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF948C4
.text I:\WINDOWS\system32\lsass.exe[820] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF94953
.text I:\WINDOWS\system32\lsass.exe[820] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF94960
.text I:\WINDOWS\system32\lsass.exe[820] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FF94BE4
.text I:\WINDOWS\system32\lsass.exe[820] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF94949
.text I:\WINDOWS\system32\lsass.exe[820] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF949A1
.text I:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\WINDOWS\system32\wscntfy.exe[1048] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\system32\wscntfy.exe[1048] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\system32\wscntfy.exe[1048] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\system32\wscntfy.exe[1048] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\system32\wscntfy.exe[1048] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\system32\wscntfy.exe[1048] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1116] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1116] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1116] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1116] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1116] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1116] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF848C4
.text I:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF84953
.text I:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF84960
.text I:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FF84BE4
.text I:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF84949
.text I:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF849A1
.text I:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
? I:\WINDOWS\System32\svchost.exe[1440] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text I:\WINDOWS\System32\svchost.exe[1440] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\System32\svchost.exe[1440] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\System32\svchost.exe[1440] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\System32\svchost.exe[1440] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\System32\svchost.exe[1440] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\System32\svchost.exe[1440] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\WINDOWS\system32\spoolsv.exe[1496] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\system32\spoolsv.exe[1496] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\system32\spoolsv.exe[1496] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\system32\spoolsv.exe[1496] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\system32\spoolsv.exe[1496] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\system32\spoolsv.exe[1496] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\Program Files\Canon\CAL\CALMAIN.exe[1704] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\Program Files\Canon\CAL\CALMAIN.exe[1704] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\Program Files\Canon\CAL\CALMAIN.exe[1704] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\Program Files\Canon\CAL\CALMAIN.exe[1704] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\Program Files\Canon\CAL\CALMAIN.exe[1704] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\Program Files\Canon\CAL\CALMAIN.exe[1704] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
? I:\WINDOWS\System32\svchost.exe[1804] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text I:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1864] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1864] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1864] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1864] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1864] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1864] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\Program Files\Bonjour\mDNSResponder.exe[1880] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\Program Files\Bonjour\mDNSResponder.exe[1880] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\Program Files\Bonjour\mDNSResponder.exe[1880] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\Program Files\Bonjour\mDNSResponder.exe[1880] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\Program Files\Bonjour\mDNSResponder.exe[1880] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\Program Files\Bonjour\mDNSResponder.exe[1880] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.reloc I:\WINDOWS\Explorer.EXE[1912] I:\WINDOWS\Explorer.EXE section is executable [0x010FB000, 0x8800, 0xE0000040]
.reloc I:\WINDOWS\Explorer.EXE[1912] I:\WINDOWS\Explorer.EXE entry point in ".reloc" section [0x010FE985]
.text I:\WINDOWS\Explorer.EXE[1912] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\Explorer.EXE[1912] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\Explorer.EXE[1912] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\Explorer.EXE[1912] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\Explorer.EXE[1912] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\Explorer.EXE[1912] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1916] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1916] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1916] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1916] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1916] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1916] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1916] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 00]
.text I:\Program Files\Java\jre6\bin\jusched.exe[2064] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\Program Files\Java\jre6\bin\jusched.exe[2064] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\Program Files\Java\jre6\bin\jusched.exe[2064] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\Program Files\Java\jre6\bin\jusched.exe[2064] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\Program Files\Java\jre6\bin\jusched.exe[2064] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\Program Files\Java\jre6\bin\jusched.exe[2064] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2088] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2088] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2088] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2088] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2088] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2088] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\Program Files\zMUD\Zmud.exe[2168] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\Program Files\zMUD\Zmud.exe[2168] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\Program Files\zMUD\Zmud.exe[2168] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\Program Files\zMUD\Zmud.exe[2168] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\Program Files\zMUD\Zmud.exe[2168] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\Program Files\zMUD\Zmud.exe[2168] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe[2332] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe[2332] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe[2332] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe[2332] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe[2332] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe[2332] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
? I:\WINDOWS\System32\svchost.exe[2568] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
.text I:\WINDOWS\System32\svchost.exe[2568] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\System32\svchost.exe[2568] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\System32\svchost.exe[2568] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\System32\svchost.exe[2568] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\System32\svchost.exe[2568] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\System32\svchost.exe[2568] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\WINDOWS\system32\svchost.exe[2592] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\system32\svchost.exe[2592] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\system32\svchost.exe[2592] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\system32\svchost.exe[2592] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\system32\svchost.exe[2592] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\system32\svchost.exe[2592] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
? I:\WINDOWS\System32\svchost.exe[3776] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
.text I:\WINDOWS\System32\svchost.exe[3776] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\System32\svchost.exe[3776] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\System32\svchost.exe[3776] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\System32\svchost.exe[3776] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\System32\svchost.exe[3776] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\System32\svchost.exe[3776] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\WINDOWS\system32\svchost.exe[4248] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\system32\svchost.exe[4248] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\system32\svchost.exe[4248] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\system32\svchost.exe[4248] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\system32\svchost.exe[4248] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\system32\svchost.exe[4248] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\Program Files\zMUD\Zmud.exe[4548] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\Program Files\zMUD\Zmud.exe[4548] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\Program Files\zMUD\Zmud.exe[4548] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\Program Files\zMUD\Zmud.exe[4548] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\Program Files\zMUD\Zmud.exe[4548] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\Program Files\zMUD\Zmud.exe[4548] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\WINDOWS\System32\reader_s.exe[4600] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\System32\reader_s.exe[4600] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\System32\reader_s.exe[4600] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\System32\reader_s.exe[4600] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\System32\reader_s.exe[4600] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\System32\reader_s.exe[4600] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\Documents and Settings\Nat\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe[4612] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\Documents and Settings\Nat\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe[4612] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\Documents and Settings\Nat\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe[4612] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\Documents and Settings\Nat\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe[4612] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\Documents and Settings\Nat\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe[4612] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\Documents and Settings\Nat\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe[4612] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\Documents and Settings\Nat\Desktop\jd4x649l.exe[4904] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\Documents and Settings\Nat\Desktop\jd4x649l.exe[4904] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\Documents and Settings\Nat\Desktop\jd4x649l.exe[4904] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\Documents and Settings\Nat\Desktop\jd4x649l.exe[4904] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\Documents and Settings\Nat\Desktop\jd4x649l.exe[4904] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\Documents and Settings\Nat\Desktop\jd4x649l.exe[4904] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
? I:\WINDOWS\System32\svchost.exe[5288] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
.text I:\WINDOWS\System32\svchost.exe[5288] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\WINDOWS\System32\svchost.exe[5288] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\WINDOWS\System32\svchost.exe[5288] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\WINDOWS\System32\svchost.exe[5288] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\WINDOWS\System32\svchost.exe[5288] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\WINDOWS\System32\svchost.exe[5288] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\Program Files\Mozilla Firefox\firefox.exe[5444] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\Program Files\Mozilla Firefox\firefox.exe[5444] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\Program Files\Mozilla Firefox\firefox.exe[5444] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\Program Files\Mozilla Firefox\firefox.exe[5444] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\Program Files\Mozilla Firefox\firefox.exe[5444] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\Program Files\Mozilla Firefox\firefox.exe[5444] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1
.text I:\Program Files\Azureus\Azureus.exe[5900] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA48C4
.text I:\Program Files\Azureus\Azureus.exe[5900] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4953
.text I:\Program Files\Azureus\Azureus.exe[5900] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4960
.text I:\Program Files\Azureus\Azureus.exe[5900] ntdll.dll!NtDeviceIoControlFile 7C90D8E3 5 Bytes CALL 7FFA4BE4
.text I:\Program Files\Azureus\Azureus.exe[5900] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA4949
.text I:\Program Files\Azureus\Azureus.exe[5900] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA49A1

---- User IAT/EAT - GMER 1.0.15 ----

IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] CB8401C7
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 4CE90043
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001D0
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043CB84] I:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01D03EE8
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] D3BDE856
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 5D10C483
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 01D8B9E8
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 021F05E8
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 0DE8F075
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 830001CF
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 9006C70C
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E80043CB
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001D70
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] B7E8C68B
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C200021F
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] CB9006C7
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] BAE80043
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000022
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] A0E95ECE
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 830001CF
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 72102479
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 10418B04
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 10418DC3
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] F18B56C3
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] FFFFCDE8

[NatMM]

IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 07740108
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] D309E856
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 8B590001
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 04C25EC6
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 9C01C700
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] E90043CB
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFFFAE
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] C7F18B56
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 43CB9C06
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] FFA0E800
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 44F6FFFF
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 74010824
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] DCE85607
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 590001D2
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] C25EC68B
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 046A0004
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 436A8DB8
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 1E5CE800
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] F18B0002
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8BF07589
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 0001CED7
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00FC6583
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 570CC783
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] C70C4E8D
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 43CB9006
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 1CC2E800
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C68B0000
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 021F09E8
IAT I:\WINDOWS\System32\svchost.exe[1440] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0004C200
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] CB8401C7
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 4CE90043
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001D0
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043CB84] I:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01D03EE8
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] D3BDE856
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 5D10C483
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 01D8B9E8
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 021F05E8
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 0DE8F075
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 830001CF
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 9006C70C
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E80043CB
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001D70
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] B7E8C68B
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C200021F
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] CB9006C7
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] BAE80043
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000022
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] A0E95ECE
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 830001CF
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 72102479
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 10418B04
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 10418DC3
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] F18B56C3
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] FFFFCDE8
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 07740108
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] D309E856
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 8B590001
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 04C25EC6
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 9C01C700
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] E90043CB
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFFFAE
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] C7F18B56
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 43CB9C06
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] FFA0E800
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 44F6FFFF
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 74010824
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] DCE85607
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 590001D2
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] C25EC68B
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 046A0004
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 436A8DB8
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 1E5CE800
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] F18B0002
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8BF07589
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 0001CED7
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00FC6583
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 570CC783
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] C70C4E8D
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 43CB9006
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 1CC2E800
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C68B0000
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 021F09E8
IAT I:\WINDOWS\System32\svchost.exe[1804] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0004C200
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 0037635E
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00376F37
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00378CE1
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00377703
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 0037711C
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0037A1C7
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0037A1F7
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 0037AD3A
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00379F21
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00378C71
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00377DC3
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00377517
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00377A5F
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0037B066
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 0037875B
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00378B6D
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00379316
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00378FC9
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00379287
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0037989D
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0037940E
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 0037732B
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00377D18
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0037A2A2
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0037908B
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00378C24
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 00378998
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 00378D71
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 0037AD46
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00378F37
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0037855C
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 0037AECB
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 0037AE99
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0037AFEE
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0037B04A
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 0037AF37
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0037AB20
IAT I:\Program Files\zMUD\Zmud.exe[2168] @ I:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0037A933
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] CB8401C7
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 4CE90043
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001D0
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043CB84] I:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01D03EE8
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] D3BDE856
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] EC8B5500
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] FF1475FF
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF1075
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 5D10C483
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] EC8B55C3
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FF1475FF
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 75FF1075
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0875FF0C
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 01D8B9E8
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 08458B00
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 021F05E8
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 89F18B00
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 0DE8F075
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 830001CF
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] FF00FC65
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 4E8D0875
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 9006C70C
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] E80043CB
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 00001D70
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] B7E8C68B
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C200021F
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B560004
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6A006AF1
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 0C4E8D01
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] CB9006C7
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] BAE80043
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B000022
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] A0E95ECE
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 830001CF
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 72102479
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 10418B04
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 10418DC3
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] F18B56C3
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] FFFFCDE8
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 07740108
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] D309E856
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 8B590001
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 04C25EC6
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 9C01C700
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] E90043CB
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFFFAE
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] C7F18B56
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 43CB9C06
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] FFA0E800
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 44F6FFFF
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 74010824
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] DCE85607
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 590001D2
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] C25EC68B
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 046A0004
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 436A8DB8
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 1E5CE800
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] F18B0002
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8BF07589
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 0001CED7
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00FC6583
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 570CC783
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] C70C4E8D
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 43CB9006
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 1CC2E800
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C68B0000
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 021F09E8
IAT I:\WINDOWS\System32\svchost.exe[2568] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0004C200

[NatMM]

IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DFC123] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD6A78] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DD6FC8] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DDD7CC] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DD6BF0] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD761B] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DDEAF4] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77DFC8C1] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77DDEDE5] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77DDEBE7] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77DD7883] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [77DFC1B5] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 00000000
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [77F15E10] I:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 00000000
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C80A480] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C838CB9] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C80CEC4] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C832E2B] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C80D47E] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C80B6B1] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C812BE6] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C809A81] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C809B14] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C80B357] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C812CA9] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C809BF5] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C809750] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C80E63C] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C812E03] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C810386] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C862B8A] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C80E00D] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C801E16] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C80B529] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C80B859] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C937A40] I:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C80C729] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C80C6E0] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C810311] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C80EB3F] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C802442] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C809B77] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C80EC1B] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C8092AC] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C809A39] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C80180E] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C810C8F] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C801A24] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C910331] I:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C810F9F] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C81114A] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C81E5E9] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C838FB9] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C802530] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C81486A] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C801625] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C80A0C7] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C809CAD] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C8221CF] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C81EE79] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C80E9EC] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C80176B] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C813531] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C81E85C] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C839019] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C813559] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C81EAE1] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C80A859] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C80A823] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C80B929] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C9010ED] I:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C901005] I:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[3776] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C809C28] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD6A78] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD6FC8] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DDD7CC] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DD6BF0] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DD761B] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DDEAF4] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DDEBE7] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77DD7883] I:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 00000000
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77F15E10] I:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77F16E51] I:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [77F16DC0] I:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77F159A0] I:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 00000000
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C832E2B] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C80D47E] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C80B6B1] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C8112E3] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C81E82A] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C809943] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C812BE6] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C812CA9] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C809BF5] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C809750] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C80E63C] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C812E03] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C810386] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C862B8A] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C80E00D] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C801E16] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C80B529] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C80B859] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C937A40] I:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C80C6E0] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C80C729] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C810311] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C80EB3F] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C802442] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C809B77] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C80EC1B] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C8092AC] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C80B8EC] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C809A39] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C80180E] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C810C8F] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C910331] I:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C810F9F] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C81114A] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C81E5E9] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C838FB9] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C802530] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C81486A] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C80A0C7] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C809CAD] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C81EE79] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C80E9EC] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C80176B] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C813531] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C81E85C] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C80EFD7] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C839019] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C813559] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C81EAE1] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C80A859] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C80A823] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C9010ED] I:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C901005] I:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C809C28] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C8097AD] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C8097C6] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C81E4BD] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C809FA1] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C81082F] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT I:\WINDOWS\System32\svchost.exe[5288] @ I:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C809C4C] I:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A662B60

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \FatCdrom 897FDCF8
Device \FileSystem\Udfs \UdfsCdRom 8A135228
Device \FileSystem\Udfs \UdfsDisk 8A135228
Device \Driver\NDIS \Device\Ndis [8A45D982] NDIS.sys[.reloc]

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \Driver\Cdrom \Device\CdRom0 8A0D0220
Device \FileSystem\Rdbss \Device\FsWrap 8A3F54A0
Device \Driver\Cdrom \Device\CdRom1 8A0D0220
Device \Driver\atapi \Device\Ide\IdePort0 8A0FE918
Device \Driver\atapi \Device\Ide\IdePort1 8A0FE918
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 8A0FE918
Device \Driver\atapi \Device\Ide\IdePort2 8A0FE918
Device \Driver\atapi \Device\Ide\IdePort3 8A0FE918
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 8A0FE918
Device \Driver\Cdrom \Device\CdRom2 8A0D0220
Device \Driver\Cdrom \Device\CdRom3 8A0D0220
Device \FileSystem\Srv \Device\LanmanServer 89B961E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A27F7D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A27F7D8
Device \FileSystem\Npfs \Device\NamedPipe 89DF4B18
Device \FileSystem\Msfs \Device\Mailslot 8A3C9C88
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target1Lun0 8A13DDE0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 8A101AB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 8A13DDE0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port5Path0Target0Lun0 8A101AB0
Device \Driver\d347prt \Device\Scsi\d347prt1 8A13DDE0
Device \FileSystem\Fastfat \Fat 897FDCF8

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A119A88
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A119A88
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A119A88
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A119A88
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A119A88
Device \FileSystem\Cdfs \Cdfs 89C59B58

---- Modules - GMER 1.0.15 ----

Module _________ BA6BE000-BA6D6000 (98304 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:476] 89B53790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0 0x18 0xF7 0xAB 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z1 0xD6 0xF7 0xAB 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z2 0xD6 0xF7 0xAB 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z3 0xD6 0xF7 0xAB 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z4 0xD6 0xF7 0xAB 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@hj34z0 0x01 0xF7 0xAB 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@hj34z1 0xD6 0xF7 0xAB 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@hj34z2 0xD6 0xF7 0xAB 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@hj34z3 0xD6 0xF7 0xAB 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@hj34z4 0xD6 0xF7 0xAB 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120%
Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120%
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5528BA78-805D-200A-5548-C6E06D84685E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5528BA78-805D-200A-5548-C6E06D84685E}@hakmnmdiccblomhl 0x6E 0x61 0x6E 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5528BA78-805D-200A-5548-C6E06D84685E}@jajmanjopoghggiiapgg 0x6F 0x61 0x6A 0x6D ...

---- Files - GMER 1.0.15 ----

File I:\WINDOWS\$NtServicePackUninstall$\ndis.sys (size mismatch) 167552/182912 bytes executable
File I:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 212480/182912 bytes executable

---- EOF - GMER 1.0.15 ----

[Blade81]

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Azureus Vuze
DNA


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


After that:


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
   Remember to re-enable them afterwards.
   
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

I:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

[Blade81]

Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.